How to use systemd’s journalctl patterns

arch-linuxjournaldsystemd

I am trying to use journalctl's pattern matching on SYSLOG_IDENTIFIERS. As an example, I have a ton of message tagged sshd:

$ journalctl -t sshd | wc -l
987

but if I try to use pattern matching to find them:

$ journalctl -t 'ssh*'
-- No Entries --
$ journalctl -t 'ssh.*'
-- No Entries --

The journalctl man page says patterns should work, but I can't find anything else about how patterns are used/defined in systemd.

$ man journalctl
....
-t, --identifier=SYSLOG_IDENTIFIER|PATTERN
       Show messages for the specified syslog identifier SYSLOG_IDENTIFIER,
       or for any of the messages with a "SYSLOG_IDENTIFIER" matched by PATTERN.

I'm running ArchLinux:

$ journalctl --version
systemd 225
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD +IDN

Best Answer

This was a doc bug that was closed when the typo in the man page was updated.

The bug report led to the following comments in the code:

We don't actually accept patterns, hence don't claim so.

As a workaround, you may be able to use grep as suggested in the comments to your question. Something like this:

journalctl | grep sshd

Related Solutions

Systemd – How to Set Environment Variable in Service

Times change and so do best practices.

The current best way to do this is to run systemctl edit myservice, which will create an override file for you or let you edit an existing one.

In normal installations this will create a directory /etc/systemd/system/myservice.service.d, and inside that directory create a file whose name ends in .conf (typically, override.conf), and in this file you can add to or override any part of the unit shipped by the distribution.

For instance, in a file /etc/systemd/system/myservice.service.d/myenv.conf:

[Service]
Environment="SECRET=pGNqduRFkB4K9C2vijOmUDa2kPtUhArN"
Environment="ANOTHER_SECRET=JP8YLOc2bsNlrGuD6LVTq7L36obpjzxd"

Also note that if the directory exists and is empty, your service will be disabled! If you don't intend to put something in the directory, ensure that it does not exist.

For reference, the old way was:

The recommended way to do this is to create a file /etc/sysconfig/myservice which contains your variables, and then load them with EnvironmentFile.

For complete details, see Fedora's documentation on how to write a systemd script.

Journalctl Access for Non-Root Users – How to Enable

The solution is to change group ownership and add a sticky bit to the parent folder before the .journal files are created.

chown :systemd-journal /var/log/journal/f9afeb75a5a382dce8269887a67fbf58
chmod g+s /var/log/journal/f9afeb75a5a382dce8269887a67fbf58

Best Answer

Related Solutions

Systemd – How to Set Environment Variable in Service

Journalctl Access for Non-Root Users – How to Enable

Related Topic