The systemd journal
systemd-journald (often called simply journald) is a systemd service that collects and stores logging data.
It stores this data in structured, indexed journal files and collects it from a variety of sources, including:
- Kernel log messages via kmsg
- Simple system log messages, via the libc syslog(3) call
- Structured system log messages via the native Journal API (see sd_journal_print(3))
- Standard output and standard error of service units
- Audit records, originating from the kernel audit subsystem
Compared to traditional syslog, systemd-journald captures richer metadata that cannot be faked. Details on these fields can be found in systemd.journal-fields(7).
As the systemd journal is stored in a binary format, the journalctl(1) command may be used to query these files.
Examples
Live tail new logs:
journalctl --follow
Display only logs for foo.service:
journalctl --unit foo.service
Display logs related to a specified executable:
journalctl /bin/bash
Display logs spanning a certain time range:
journalctl --since yesterday
journalctl --since "2015-01-10" --until "2015-01-11 03:00"
Display just kernel messages:
journalctl --dmesg
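Check client-supplied identity against the trusted metadata:
The fields journald sets itself are the ones whose names begin with an underscore (see systemd.journal-fields(7)); fields such as SYSLOG_IDENTIFIER and SYSLOG_PID come from the logging process. The following Python script is an added example, not part of the original documentation: it reads entries in the `journalctl --output json` format and reports those whose claimed identity disagrees with the trusted fields. The sample entries are constructed, and comparing the basename of _EXE with SYSLOG_IDENTIFIER is a heuristic chosen for this illustration.

```python
import json
import os

# Constructed sample: three entries in the shape `journalctl --output json`
# emits (one JSON object per line, field values as strings).
SAMPLE = "\n".join([
    json.dumps({"_TRANSPORT": "syslog", "_PID": "812", "_UID": "0",
                "_EXE": "/usr/sbin/sshd", "SYSLOG_IDENTIFIER": "sshd",
                "SYSLOG_PID": "812", "MESSAGE": "Accepted publickey for core"}),
    json.dumps({"_TRANSPORT": "syslog", "_PID": "4410", "_UID": "1000",
                "_EXE": "/usr/bin/logger", "SYSLOG_IDENTIFIER": "sshd",
                "SYSLOG_PID": "812", "MESSAGE": "Accepted password for root"}),
    json.dumps({"_TRANSPORT": "kernel", "SYSLOG_IDENTIFIER": "kernel",
                "MESSAGE": "eth0: link up"}),
])


def split_fields(entry):
    """Separate journald-set fields (leading underscore) from client-supplied ones."""
    trusted = {k: v for k, v in entry.items() if k.startswith("_")}
    claimed = {k: v for k, v in entry.items() if not k.startswith("_")}
    return trusted, claimed


def check_entry(entry):
    """Return reasons why the client's claimed identity disagrees with trusted fields."""
    trusted, claimed = split_fields(entry)
    reasons = []
    exe, ident = trusted.get("_EXE"), claimed.get("SYSLOG_IDENTIFIER")
    # JSON output may hold null or a list for a field; compare plain strings only.
    if isinstance(exe, str) and isinstance(ident, str):
        if os.path.basename(exe) != ident:
            reasons.append(f"identifier {ident!r} logged by {exe}")
    pid, claimed_pid = trusted.get("_PID"), claimed.get("SYSLOG_PID")
    if isinstance(pid, str) and isinstance(claimed_pid, str) and pid != claimed_pid:
        reasons.append(f"SYSLOG_PID {claimed_pid} but _PID {pid}")
    return reasons


def find_mismatches(json_lines):
    """Return (entry, reasons) for each entry whose claimed identity fails a check."""
    entries = [json.loads(l) for l in json_lines.splitlines() if l.strip()]
    return [(e, r) for e in entries if (r := check_entry(e))]


if __name__ == "__main__":
    for entry, reasons in find_mismatches(SAMPLE):
        print(entry.get("_UID"), entry.get("MESSAGE"), "->", "; ".join(reasons))
```

A mismatch is a triage lead rather than proof of tampering, since scripts that log through a helper program legitimately produce one. Entries without _EXE, such as kernel messages, are skipped by the first check.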