Journald : 基本操作2026/06/19 |
|
ログ管理サービス Journald の基本操作です。 |
|
| [1] | システム デフォルトで Journald が稼働し、システムの多くのログは、まず最初に Journald によって保管されます。 よって、[Journald (systemd-journald.service systemd-journald.socket systemd-journald-dev-log.socket)] が停止した場合は、システムの主要なログの記録も停止します。 |
|
root@dlp:~# systemctl status systemd-journald.service
● systemd-journald.service - Journal Service
Loaded: loaded (/usr/lib/systemd/system/systemd-journald.service; static)
Drop-In: /usr/lib/systemd/system/systemd-journald.service.d
+-- nice.conf
Active: active (running) since Thu 2026-06-18 23:54:28 UTC; 19s ago
Invocation: 3f99e5609596430e8d9603b9a59034ed
TriggeredBy: ● systemd-journald.socket
● systemd-journald-dev-log.socket
○ systemd-journald-audit.socket
Docs: man:systemd-journald.service(8)
man:journald.conf(5)
Main PID: 818 (systemd-journal)
Status: "Processing requests..."
Tasks: 1 (limit: 3991)
FD Store: 13 (limit: 4224)
Memory: 10.1M (peak: 10.7M)
CPU: 66ms
CGroup: /system.slice/systemd-journald.service
.....
.....
|
| [2] | Journald の設定は [/etc/systemd/journald.conf] で変更可能です。 デフォルトでは全てコメントとなっていますが、記載の値がデフォルト値となっています。 |
|
root@dlp:~# cat /etc/systemd/journald.conf [Journal] #Storage=persistent #Compress=yes #Seal=yes #SplitMode=uid #SyncIntervalSec=5m #RateLimitIntervalSec=30s #RateLimitBurst=10000 #SystemMaxUse= #SystemKeepFree= #SystemMaxFileSize= #SystemMaxFiles=100 #RuntimeMaxUse= #RuntimeKeepFree= #RuntimeMaxFileSize= #RuntimeMaxFiles=100 #MaxRetentionSec=0 #MaxFileSec=1month #ForwardToSyslog=no #ForwardToKMsg=no #ForwardToConsole=no #ForwardToWall=yes #TTYPath=/dev/console #MaxLevelStore=debug #MaxLevelSyslog=debug #MaxLevelKMsg=notice #MaxLevelConsole=info #MaxLevelWall=emerg #MaxLevelSocket=debug #LineMax=48K #ReadKMsg=yes #Audit=yes |
| [3] | Journald のログの保管場所は [Storage=***] で設定されています。 ログの保管場所については、[ForwardToSyslog=yes] の設定により、ログは syslog に転送されるため、Rsyslog 等のシスログサービスがインストールされ、稼働している場合には、従来の [/var/log/syslog] ファイル等々にも保管されます。 |
# [Storage=***] の設定値 # # volatile : メモリーに保管 : [/run/log/journal] 配下 # persistent : ディスクに保管 : [/var/log/journal] 配下 # システム起動時等、ディスク書き込み不可な場合はメモリー # auto : [/var/log/journal] が存在する場合はディスク # 存在しない場合はメモリー # none : ログを保管しない # ただし、コンソールや Syslog サービス等、他の設定済み保管ターゲットにはログは転送される # # * メモリー保管は永続的ではない (システム再起動時に過去ログは消去) # Ubuntu のデフォルトは [persistent] のため [/var/log/journal] に保管
root@dlp:~#
root@dlp:~# grep Storage /etc/systemd/journald.conf #Storage=persistent ll -d /var/log/journal drwxr-sr-x+ 3 root systemd-journal 4096 May 6 02:46 /var/log/journal/root@dlp:~# ll -Rh /var/log/journal /var/log/journal: total 12K drwxr-sr-x+ 3 root systemd-journal 4.0K May 6 02:46 ./ drwxrwxr-x 11 root syslog 4.0K Jun 18 23:54 ../ drwxr-sr-x+ 2 root systemd-journal 4.0K Jun 18 23:53 07f56090dad245fc9a9afd8b1df7d909/ /var/log/journal/07f56090dad245fc9a9afd8b1df7d909: total 23M drwxr-sr-x+2 root systemd-journal 4.0K Jun 18 23:53 ./ drwxr-sr-x+3 root systemd-journal 4.0K May 6 02:46 ../ -rw-r-----+1 root systemd-journal 8.0M Jun 18 23:54 system.journal -rw-r-----+1 root systemd-journal 8.0M Jun 18 23:53 system@2bc3cd8eac864a5bbd41f7dfc31ccfe7-0000000000000001-0006511d2bfc19c7.journal -rw-r-----+1 root systemd-journal 8.0M May 6 02:51 user-1000.journal |
| [4] | Journald のログは [journalctl] コマンドで表示可能です。 |
|
# 引数なしで全ログを表示 : 結果は [less] コマンドに渡される # [less] に渡さない場合は [--no-pager] オプション付加 root@dlp:~# journalctl May 06 02:46:34 ubuntu kernel: Linux version 7.0.0-15-generic (buildd@lcy02-amd64-048) (x86_64-linux-gnu-gcc (Ubuntu 15.2.0-16ubuntu1) 15.2.0, GNU ld (GNU Binutils for Ubuntu) 2.46) #15-Ubuntu SMP PREEMPT_DYNAMIC Wed Apr 22 16:06:43 UTC 2026 (Ubuntu 7.0.0-15.15-generic 7.0.0) May 06 02:46:34 ubuntu kernel: Command line: BOOT_IMAGE=/vmlinuz-7.0.0-15-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro console=ttyS0,115200n8 crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M May 06 02:46:34 ubuntu kernel: KERNEL supported cpus: May 06 02:46:34 ubuntu kernel: Intel GenuineIntel May 06 02:46:34 ubuntu kernel: AMD AuthenticAMD May 06 02:46:34 ubuntu kernel: Hygon HygonGenuine May 06 02:46:34 ubuntu kernel: Centaur CentaurHauls May 06 02:46:34 ubuntu kernel: zhaoxin Shanghai May 06 02:46:34 ubuntu kernel: BIOS-provided physical RAM map: May 06 02:46:34 ubuntu kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] System RAM ..... ..... # [-u UNIT] : 特定の UNIT のログを表示 root@dlp:~# journalctl -u cron.service May 06 02:47:12 ubuntu systemd[1]: Started cron.service - Regular background program processing daemon. May 06 02:47:12 ubuntu (cron)[1275]: cron.service: Referenced but unset environment variable evaluates to an empty string: EXTRA_OPTS May 06 02:47:12 ubuntu cron[1275]: (CRON) INFO (pidfile fd = 3) May 06 02:47:12 ubuntu cron[1275]: (CRON) INFO (Running @reboot jobs) May 06 02:51:19 ubuntu systemd[1]: Stopping cron.service - Regular background program processing daemon... May 06 02:51:19 ubuntu systemd[1]: cron.service: Deactivated successfully. May 06 02:51:19 ubuntu systemd[1]: Stopped cron.service - Regular background program processing daemon. -- Boot 0af5b92fb9fa4df3941e548d09fd471f -- May 06 02:51:27 ubuntu systemd[1]: Started cron.service - Regular background program processing daemon. May 06 02:51:27 ubuntu (cron)[1322]: cron.service: Referenced but unset environment variable evaluates to an empty string: EXTRA_OPTS ..... .....root@dlp:~# journalctl -u systemd-tmpfiles-clean.timer May 06 02:47:12 ubuntu systemd[1]: Started systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories. May 06 02:51:19 ubuntu systemd[1]: systemd-tmpfiles-clean.timer: Deactivated successfully. May 06 02:51:19 ubuntu systemd[1]: Stopped systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories. -- Boot 0af5b92fb9fa4df3941e548d09fd471f -- May 06 02:51:26 ubuntu systemd[1]: Started systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories. May 06 02:52:33 ubuntu systemd[1]: systemd-tmpfiles-clean.timer: Deactivated successfully. May 06 02:52:33 ubuntu systemd[1]: Stopped systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories. -- Boot 7e40068c373d480ca0188a89d7a1861d -- May 06 02:52:40 ubuntu systemd[1]: Started systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories. May 06 02:52:55 ubuntu systemd[1]: systemd-tmpfiles-clean.timer: Deactivated successfully. ..... ..... # [-k] : 起動時のカーネルメッセージを表示 root@dlp:~# journalctl -k Jun 18 23:54:26 ubuntu kernel: Linux version 7.0.0-15-generic (buildd@lcy02-amd64-048) (x86_64-linux-gnu-gcc (Ubuntu 15.2.0-16ubuntu1) 15.2.0, GNU ld (GNU Binutils for Ubuntu) 2.46) #15-Ubuntu SMP PREEMPT_DYNAMIC Wed Apr 22 16:06:43 UTC 2026 (Ubuntu 7.0.0-15.15-generic 7.0.0) Jun 18 23:54:26 ubuntu kernel: Command line: BOOT_IMAGE=/vmlinuz-7.0.0-15-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro console=ttyS0,115200n8 crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M Jun 18 23:54:26 ubuntu kernel: KERNEL supported cpus: Jun 18 23:54:26 ubuntu kernel: Intel GenuineIntel Jun 18 23:54:26 ubuntu kernel: AMD AuthenticAMD Jun 18 23:54:26 ubuntu kernel: Hygon HygonGenuine Jun 18 23:54:26 ubuntu kernel: Centaur CentaurHauls Jun 18 23:54:26 ubuntu kernel: zhaoxin Shanghai Jun 18 23:54:26 ubuntu kernel: BIOS-provided physical RAM map: Jun 18 23:54:26 ubuntu kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] System RAM ..... ..... # [-p Priority] : 特定のプライオリティのログを表示 root@dlp:~# journalctl -p err May 06 02:46:34 ubuntu kernel: KHO: Failed to reserve lowmem scratch buffer May 06 02:51:20 ubuntu systemd-tmpfiles[2395]: Failed to create symlink '/run/initramfs/lib64/ld-linux-x86-64.so.2': Not a directory -- Boot 0af5b92fb9fa4df3941e548d09fd471f -- May 06 02:51:23 ubuntu kernel: KHO: Failed to reserve lowmem scratch buffer May 06 02:52:34 ubuntu systemd-tmpfiles[2439]: Failed to create symlink '/run/initramfs/lib64/ld-linux-x86-64.so.2': Not a directory -- Boot 7e40068c373d480ca0188a89d7a1861d -- May 06 02:52:37 ubuntu kernel: KHO: Failed to reserve lowmem scratch buffer May 06 02:52:55 ubuntu systemd-tmpfiles[1700]: /run/initramfs/etc/initrd-release exists and is not a regular file. May 06 02:52:55 ubuntu (sd-pam)[1526]: pam_systemd(systemd-user:session): Varlink call io.systemd.Login.ReleaseSession failed: io.systemd.Login.NoSuchSession -- Boot 0c4275c4b26e47968f876f0586c47158 -- ..... ..... # [-g PATTERN] : [MESSAGE] フィールドから特定のワード [PATTERN] を含むログを表示 root@dlp:~# journalctl -g "apparmor" May 06 02:46:34 ubuntu kernel: AppArmor: AppArmor initialized May 06 02:46:34 ubuntu kernel: AppArmor: AppArmor secmark mediation reserved: ready to be enabled May 06 02:46:34 ubuntu kernel: AppArmor: AppArmor Filesystem Enabled May 06 02:46:34 ubuntu kernel: AppArmor: AppArmor sha256 policy hashing enabled May 06 02:46:34 ubuntu kernel: evm: security.apparmor May 06 02:46:34 ubuntu systemd[1]: systemd 259.5-0ubuntu3 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +IPE +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +BTF -XKBCOMMON -UTMP +SYSVINIT +LIBARCHIVE) May 06 02:46:36 ubuntu systemd[1]: systemd 259.5-0ubuntu3 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +IPE +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +BTF -XKBCOMMON -UTMP +SYSVINIT +LIBARCHIVE) May 06 02:46:37 ubuntu systemd[1]: Starting apparmor.service - Load AppArmor profiles... May 06 02:46:37 ubuntu apparmor.systemd[1008]: Restarting AppArmor May 06 02:46:37 ubuntu apparmor.systemd[1008]: Reloading AppArmor profiles ..... ..... # [-S DATE] : 特定の DATE 以降のログを表示 # [-U DATE] : 特定の DATE までのログを表示 root@dlp:~# journalctl -S "2026-06-10 00:00:00" -U "2026-06-20 23:59:59" Jun 18 23:53:07 ubuntu kernel: Linux version 7.0.0-15-generic (buildd@lcy02-amd64-048) (x86_64-linux-gnu-gcc (Ubuntu 15.2.0-16ubuntu1) 15.2.0, GNU ld (GNU Binutils for Ubuntu) 2.46) #15-Ubuntu SMP PREEMPT_DYNAMIC Wed Apr 22 16:06:43 UTC 2026 (Ubuntu 7.0.0-15.15-generic 7.0.0) Jun 18 23:53:07 ubuntu kernel: Command line: BOOT_IMAGE=/vmlinuz-7.0.0-15-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro console=ttyS0,115200n8 crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M Jun 18 23:53:07 ubuntu kernel: KERNEL supported cpus: Jun 18 23:53:07 ubuntu kernel: Intel GenuineIntel Jun 18 23:53:07 ubuntu kernel: AMD AuthenticAMD Jun 18 23:53:07 ubuntu kernel: Hygon HygonGenuine Jun 18 23:53:07 ubuntu kernel: Centaur CentaurHauls Jun 18 23:53:07 ubuntu kernel: zhaoxin Shanghai Jun 18 23:53:07 ubuntu kernel: BIOS-provided physical RAM map: Jun 18 23:53:07 ubuntu kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] System RAM ..... ..... # その他オプションを表示 root@dlp:~# journalctl --help
journalctl [OPTIONS...] [MATCHES...]
Query the journal.
Options:
--system Show the system journal
--user Show the user journal for the current user
-M --machine=CONTAINER Operate on local container
-S --since=DATE Show entries not older than the specified date
.....
.....
|
|
|