1. DESCRIPTION
2. OPTIONS
3. ENVIRONMENT
4. EXAMPLES
5. NOTES


Note: this page is a Google translation of the man page and is for reference only.
https://wiki.archlinux.org/index.php/Systemd/Journal
https://jlk.fjfi.cvut.cz/arch/manpages/man/journalctl.1

1. DESCRIPTION

NAME: journalctl - Query the systemd journal
SYNOPSIS: journalctl [OPTIONS...] [MATCHES...]
DESCRIPTION:

journalctl may be used to query the contents of the systemd(1) journal as written by systemd-journald.service(8).
If called without parameters, it will show the full contents of the journal, starting with the oldest entry collected.
If one or more match arguments are passed, the output is filtered accordingly.
A match is in the format "FIELD=VALUE", e.g. "_SYSTEMD_UNIT=httpd.service", referring to the components of a structured journal entry.
See systemd.journal-fields(7) for a list of well-known fields.
If multiple matches are specified matching different fields, the log entries are filtered by both, i.e. the resulting output will show only entries matching all the specified matches of this kind.
If two matches apply to the same field, then they are automatically matched as alternatives, i.e. the resulting output will show entries matching any of the specified matches for the same field.
Finally, the character "+" may appear as a separate word between other terms on the command line.
This causes all matches before and after to be combined in a disjunction (i.e. logical OR).
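The combination rules above, as an added example (a Python model of the documented semantics, not journalctl's own code): different fields are ANDed, repeated fields are ORed, and "+" separates alternatives. The entries and the `select` helper are constructed for illustration.

```python
# Model of journalctl match semantics as described in the DESCRIPTION section.
# The journal entries below are constructed sample data.

ENTRIES = [
    {"_SYSTEMD_UNIT": "httpd.service", "_PID": "28097", "MESSAGE": "httpd worker started"},
    {"_SYSTEMD_UNIT": "httpd.service", "_PID": "31000", "MESSAGE": "httpd reload"},
    {"_SYSTEMD_UNIT": "dbus.service", "_PID": "412", "MESSAGE": "dbus activated"},
    {"_SYSTEMD_UNIT": "sshd.service", "_PID": "900", "MESSAGE": "sshd listening"},
]


def parse_matches(args):
    """Turn ["F=V", "F2=V2", "+", "F3=V3"] into a list of OR-groups.

    Each group maps a field name to the set of values accepted for it.
    An empty argument list means "no filter" and yields no groups.
    """
    if not args:
        return []
    groups = [{}]
    for arg in args:
        if arg == "+":
            if not groups[-1]:
                raise ValueError('"+" needs matches on both sides')
            groups.append({})
            continue
        field, sep, value = arg.partition("=")
        if not sep or not field:
            raise ValueError(f"not a FIELD=VALUE match: {arg!r}")
        # Two matches on the same field become alternatives for that field.
        groups[-1].setdefault(field, set()).add(value)
    if not groups[-1]:
        raise ValueError('"+" needs matches on both sides')
    return groups


def entry_matches(entry, groups):
    """True if the entry satisfies at least one "+"-separated group."""
    if not groups:
        return True
    for group in groups:
        # Within a group every field must match (AND across fields) ...
        if all(entry.get(field) in accepted for field, accepted in group.items()):
            return True  # ... and any one group is enough (OR across groups).
    return False


def select(args, entries=ENTRIES):
    """Return the MESSAGE of every entry selected by the match arguments."""
    groups = parse_matches(args)
    return [e["MESSAGE"] for e in entries if entry_matches(e, groups)]


if __name__ == "__main__":
    for query in (
        ["_SYSTEMD_UNIT=httpd.service", "_PID=28097"],
        ["_SYSTEMD_UNIT=httpd.service", "_SYSTEMD_UNIT=dbus.service"],
        ["_SYSTEMD_UNIT=httpd.service", "_PID=28097", "+", "_SYSTEMD_UNIT=dbus.service"],
    ):
        print(" ".join(query), "->", select(query))
```

When writing a triage filter, the second form is the one that surprises people: repeating a field widens the result set instead of narrowing it.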
It is also possible to filter the entries by specifying an absolute file path as an argument.
The file path may be a file or a symbolic link and the file must exist at the time of the query.
If a file path refers to an executable binary, an "_EXE=" match for the canonicalized binary path is added to the query.
If a file path refers to an executable script, a "_COMM=" match for the script name is added to the query.
If a file path refers to a device node, "_KERNEL_DEVICE=" matches for the kernel name of the device and for each of its ancestor devices are added to the query.
Symbolic links are dereferenced, kernel names are synthesized, and parent devices are identified from the environment at the time of the query.
In general, a device node is the best proxy for an actual device, as log entries do not usually contain fields that identify an actual device.
For the resulting log entries to be correct for the actual device, the relevant parts of the environment at the time the entry was logged, in particular the actual device corresponding to the device node, must have been the same as those at the time of the query.
Because device nodes generally change their corresponding devices across reboots, specifying a device node path causes the resulting entries to be restricted to those from the current boot.
Additional constraints may be added using options --boot, --unit=, etc., to further limit what entries will be shown (logical AND).
Output is interleaved from all accessible journal files, whether they are rotated or currently being written, and regardless of whether they belong to the system itself or are accessible user journals.
The set of journal files which will be used can be modified using the --user, --system, --directory, and --file options, see below.

All users are granted access to their private per-user journals.
However, by default, only root and users who are members of a few special groups are granted access to the system journal and the journals of other users.
Members of the groups "systemd-journal", "adm", and "wheel" can read all journal files.
Note that the two latter groups traditionally have additional privileges specified by the distribution.
Members of the "wheel" group can often perform administrative tasks.
The output is paged through less by default, and long lines are "truncated" to screen width.
The hidden part can be viewed by using the left-arrow and right-arrow keys.
Paging can be disabled; see the --no-pager option and the "Environment" section below.

When outputting to a tty, lines are colored according to priority:
lines of level ERROR and higher are colored red (0, 1, 2, 3: critical, alert, emergency);
lines of level NOTICE and higher are highlighted (4, 5: warning);
lines of level DEBUG are colored lighter grey (7);
other lines are displayed normally (6: informational).

2. OPTIONS

OPTIONS The following options are understood:
--no-full, --full, -l Ellipsize fields when they do not fit in available columns.
The default is to show full fields, allowing them to wrap or be truncated by the pager, if one is used.
The old options -l/--full are not useful anymore, except to undo --no-full.
-a, --all Show all fields in full, even if they include unprintable characters or are very long.
By default, fields with unprintable characters are abbreviated as "blob data".
(Note that the pager may escape unprintable characters again.)
-f, --follow Show only the most recent journal entries, and continuously print new entries as they are appended to the journal.
-e, --pager-end Immediately jump to the end of the journal inside the implied pager tool.
This implies -n1000 to guarantee that the pager will not buffer logs of unbounded size.
This may be overridden with an explicit -n with some other numeric value, while -nall will disable this cap.
Note that this option is only supported for the less(1) pager.
-n, --lines= Show the most recent journal events and limit the number of events shown.
If --follow is used, this option is implied.
The argument is a positive integer or "all" to disable line limiting.
The default value is 10 if no argument is given.
--no-tail Show all stored output lines, even in follow mode. Undoes the effect of --lines=.
-r, --reverse Reverse output so that the newest entries are displayed first.
-o, --output= Controls the formatting of the journal entries that are shown. Takes one of the following options:
short is the default and generates an output that is mostly identical to the formatting of classic syslog files, showing one line per journal entry.
short-full is very similar, but shows timestamps in the format the --since= and --until= options accept.
Unlike the timestamp information shown in short output mode this mode includes weekday, year and timezone information in the output, and is locale-independent.
short-iso is very similar, but shows ISO 8601 wallclock timestamps.
short-iso-precise as for short-iso but includes full microsecond precision.
short-precise is very similar, but shows classic syslog timestamps with full microsecond precision.
short-monotonic is very similar, but shows monotonic timestamps instead of wallclock timestamps.
short-unix is very similar, but shows seconds passed since January 1st 1970 UTC instead of wallclock timestamps ("UNIX time").
The time is shown with microsecond accuracy.
verbose shows the full-structured entry items with all fields.
export serializes the journal into a binary (but mostly text-based) stream suitable for backups and network transfer (see Journal Export Format[1] for more information).
To import the binary stream back into native journald format use systemd-journal-remote(8).
json formats entries as JSON objects, separated by newline characters (see Journal JSON Format[2] for more information).
Field values are generally encoded as JSON strings, with three exceptions:
1. Fields larger than 4096 bytes are encoded as null values. (This may be turned off by passing --all, but be aware that this may allocate overly long JSON objects.)
2. Journal entries permit non-unique fields within the same log entry. JSON does not allow non-unique fields within objects. Due to this, if a non-unique field is encountered a JSON array is used as field value, listing all field values as elements.
3. Fields containing non-printable or non-UTF8 bytes are encoded as arrays containing the raw bytes individually formatted as unsigned numbers.
Note that this encoding is reversible (with the exception of the size limit).
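A consumer of `-o json` output has to handle all three exceptions, otherwise a string-matching rule silently skips entries whose MESSAGE arrives as a number array or as null. The decoder below is an added example, not part of the man page; the sample lines, cursor values and the `CONSTRUCTED_TAG` field are constructed.

```python
import json


def _is_byte_array(value):
    # Exception 3: non-printable / non-UTF-8 data is an array of unsigned numbers.
    return isinstance(value, list) and all(type(b) is int for b in value)


def _decode_one(value):
    """Decode one field value: a string stays a str, a number array becomes bytes."""
    if isinstance(value, str):
        return value
    if _is_byte_array(value):
        return bytes(value)  # raises ValueError if a number is outside 0..255
    raise ValueError(f"unexpected journal JSON value: {value!r}")


def decode_entry(line):
    """Parse one line of `journalctl -o json` output.

    Returns (fields, oversized). fields maps each field name to a list of
    str/bytes values (one element unless the field was repeated in the entry).
    oversized is the set of field names whose value was replaced by null.
    """
    obj = json.loads(line)
    if not isinstance(obj, dict):
        raise ValueError("a journal JSON record must be an object")
    fields, oversized = {}, set()
    for name, value in obj.items():
        if value is None:                       # exception 1: larger than 4096 bytes
            oversized.add(name)
        elif isinstance(value, list) and not _is_byte_array(value):
            fields[name] = [_decode_one(v) for v in value]   # exception 2: repeated field
        else:
            fields[name] = [_decode_one(value)]
    return fields, oversized


def as_text(value):
    """Render a str/bytes value for string matching without dropping any byte."""
    if isinstance(value, bytes):
        return value.decode("utf-8", errors="backslashreplace")
    return value


def scan(lines, needle):
    """Return (hits, blind): entries whose MESSAGE contains needle, and the
    cursors of entries whose MESSAGE was too large to be included."""
    hits, blind = [], []
    for line in lines:
        fields, oversized = decode_entry(line)
        cursor = as_text(fields["__CURSOR"][0])
        if "MESSAGE" in oversized:
            blind.append(cursor)  # re-read with --all if this entry matters
        for value in fields.get("MESSAGE", []):
            text = as_text(value)
            if needle in text:
                hits.append((cursor, text))
    return hits, blind


# Constructed sample records, one per encoding case.
SAMPLE_LINES = [
    json.dumps({"__CURSOR": "s=constructed-1", "_SYSTEMD_UNIT": "sshd.service",
                "MESSAGE": "Accepted publickey for alice"}),
    json.dumps({"__CURSOR": "s=constructed-2", "_SYSTEMD_UNIT": "sshd.service",
                "MESSAGE": list(b"Failed password for \xffroot from 192.0.2.10")}),
    json.dumps({"__CURSOR": "s=constructed-3", "CONSTRUCTED_TAG": ["web", "prod"],
                "MESSAGE": "request served"}),
    json.dumps({"__CURSOR": "s=constructed-4", "MESSAGE": None}),
]

if __name__ == "__main__":
    hits, blind = scan(SAMPLE_LINES, "Failed password")
    print("hits:", hits)
    print("MESSAGE omitted for size:", blind)
```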
json-pretty formats entries as JSON data structures, but formats them in multiple lines in order to make them more readable by humans.
json-sse formats entries as JSON data structures, but wraps them in a format suitable for Server-Sent Events[3].
json-seq formats entries as JSON data structures, but prefixes them with an ASCII Record Separator character (0x1E) and suffixes them with an ASCII Line Feed character (0x0A), in accordance with JavaScript Object Notation (JSON) Text Sequences[4] ("application/json-seq").
cat generates a very terse output, only showing the actual message of each journal entry with no metadata, not even a timestamp.
with-unit similar to short-full, but prefixes the unit and user unit names instead of the traditional syslog identifier.
Useful when using templated instances, as it will include the arguments in the unit names.
--output-fields= A comma separated list of the fields which should be included in the output.
This has an effect only for the output modes which would normally show all fields (verbose, export, json, json-pretty, json-sse and json-seq).
The "__CURSOR", "__REALTIME_TIMESTAMP", "__MONOTONIC_TIMESTAMP", and "_BOOT_ID" fields are always printed.
--utc Express time in Coordinated Universal Time (UTC).
--no-hostname Don't show the hostname field of log messages originating from the local host.
This switch has an effect only on the short family of output modes (see above).
Note: this option does not remove occurrences of the hostname from log entries themselves, so it does not prevent the hostname from being visible in the logs.
-x, --catalog Augment log lines with explanation texts from the message catalog.
This will add explanatory help texts to log messages in the output where this is available.
These short help texts will explain the context of an error or log event, possible solutions, as well as pointers to support forums, developer documentation, and any other relevant manuals.
Note that help texts are not available for all messages, but only for selected ones.
For more information on the message catalog, please refer to the Message Catalog Developer Documentation[5].
Note: when attaching journalctl output to bug reports, please do not use -x.
-q, --quiet Suppresses all informational messages (i.e. "-- Logs begin at ...", "-- Reboot --"), as well as any warning messages regarding inaccessible system journals when run as a normal user.
-m, --merge Show entries interleaved from all available journals, including remote ones.
-b [[ID][±offset]|all], --boot[=[ID][±offset]|all] Show messages from a specific boot. This will add a match for "_BOOT_ID=".
The argument may be empty, in which case logs for the current boot will be shown.
If the boot ID is omitted, a positive offset will look up the boots starting from the beginning of the journal, and an equal-or-less-than zero offset will look up boots starting from the end of the journal.
Thus, 1 means the first boot found in the journal in chronological order, 2 the second and so on; while -0 is the last boot, -1 the boot before last, and so on.
An empty offset is equivalent to specifying -0, except when the current boot is not the last boot (e.g. because --directory was specified to look at logs from a different machine).
If the 32-character ID is specified, it may optionally be followed by offset which identifies the boot relative to the one given by boot ID.
Negative values mean earlier boots and positive values mean later boots.
If offset is not specified, a value of zero is assumed, and the logs for the boot given by ID are shown.
The special argument all can be used to negate the effect of an earlier use of -b.
--list-boots Show a tabular list of boot numbers (relative to the current boot), their IDs, and the timestamps of the first and last message pertaining to the boot.
-k, --dmesg Show only kernel messages. This implies -b and adds the match "_TRANSPORT=kernel".
-t, --identifier=SYSLOG_IDENTIFIER Show messages for the specified syslog identifier SYSLOG_IDENTIFIER.
This parameter can be specified multiple times.
-u, --unit=UNIT|PATTERN Show messages for the specified systemd unit UNIT (such as a service unit), or for any of the units matched by PATTERN.
If a pattern is specified, a list of unit names found in the journal is compared with the specified pattern and all that match are used.
For each unit name, a match is added for messages from the unit ("_SYSTEMD_UNIT=UNIT"), along with additional matches for messages from systemd and messages about coredumps for the specified unit.
A match is also added for "_SYSTEMD_SLICE=UNIT", such that if the provided UNIT is a systemd.slice(5) unit, all logs of the children of the slice will be shown.
This parameter can be specified multiple times.
--user-unit= Show messages for the specified user session unit.
This will add a match for messages from the unit ("_SYSTEMD_USER_UNIT=" and "_UID=") and additional matches for messages from session systemd and messages about coredumps for the specified unit.
A match is also added for "_SYSTEMD_USER_SLICE=UNIT", such that if the provided UNIT is a systemd.slice(5) unit, all logs of the children of the unit will be shown.
This parameter can be specified multiple times.
-p, --priority= Filter output by message priorities or priority ranges.
Takes either a single numeric or textual log level (i.e. between 0/"emerg" and 7/"debug"), or a range of numeric/text log levels in the form FROM..TO.
The log levels are the usual syslog log levels as documented in syslog(3), i.e. "emerg" (0), "alert" (1), "crit" (2), "err" (3), "warning" (4), "notice" (5), "info" (6), "debug" (7).
If a single log level is specified, all messages with this log level or a lower (hence more important) log level are shown.
If a range is specified, all messages within the range are shown, including both the start and the end value of the range.
This will add "PRIORITY=" matches for the specified priorities.
--facility= Filter output by syslog facility. Takes a comma-separated list of numbers or facility names.
The names are the usual syslog facilities as documented in syslog(3).
--facility=help may be used to display a list of known facility names and exit.
-g, --grep= Filter output to entries where the MESSAGE= field matches the specified regular expression.
PERL-compatible regular expressions are used, see pcre2pattern(3) for a detailed description of the syntax.
If the pattern is all lowercase, matching is case insensitive. Otherwise, matching is case sensitive.
This can be overridden with the --case-sensitive option, see below.
--case-sensitive[=BOOLEAN] Make pattern matching case sensitive or case insensitive.
-c, --cursor= Start showing entries from the location in the journal specified by the passed cursor.
--cursor-file=FILE If FILE exists and contains a cursor, start showing entries after this location.
Otherwise, show entries according to the other given options.
At the end, write the cursor of the last entry to FILE.
Use this option to continually read the journal by sequentially calling journalctl.
--after-cursor= Start showing entries from the location in the journal after the location specified by the passed cursor.
The cursor is shown when the --show-cursor option is used.
--show-cursor The cursor is shown after the last entry after two dashes:
-- cursor: s=0639…
The format of the cursor is private and subject to change.
-S, --since=, -U, --until= Start showing entries on or newer than the specified date, or on or older than the specified date, respectively.
Date specifications should be of the format "2012-10-30 18:17:16". If the time part is omitted, "00:00:00" is assumed.
If only the seconds component is omitted, ":00" is assumed. If the date component is omitted, the current day is assumed.
Alternatively the strings "yesterday", "today", "tomorrow" are understood, which refer to 00:00:00 of the day before the current day, the current day, or the day after the current day, respectively. "now" refers to the current time.
Finally, relative times may be specified, prefixed with "-" or "+", referring to times before or after the current time, respectively.
For complete time and date specification, see systemd.time(7).
Note that --output=short-full prints timestamps that follow precisely this format.
-F, --field= Print all possible data values the specified field can take in all entries of the journal.
-N, --fields Print all field names currently used in all entries of the journal.
--system, --user Show messages from system services and the kernel (with --system).
Show messages from service of current user (with --user).
If neither is specified, show all messages that the user can see.
-M, --machine= Show messages from a running, local container. Specify a container name to connect to.
-D DIR, --directory=DIR Takes a directory path as argument.
If specified, journalctl will operate on the specified journal directory DIR instead of the default runtime and system journal paths.
--file=GLOB Takes a file glob as an argument.
If specified, journalctl will operate on the specified journal files matching GLOB instead of the default runtime and system journal paths.
May be specified multiple times, in which case files will be suitably interleaved.
--root=ROOT Takes a directory path as an argument.
If specified, journalctl will operate on journal directories and catalog file hierarchy underneath the specified directory instead of the root directory
(e.g. --update-catalog will create ROOT/var/lib/systemd/catalog/database, and journal files under ROOT/run/journal or ROOT/var/log/journal will be displayed).
--namespace=NAMESPACE Takes a journal namespace identifier string as argument.
If not specified, the data collected by the default namespace is shown.
If specified, shows the log data of the specified namespace instead.
If the namespace is specified as "*", data from all namespaces is shown, interleaved.
If the namespace identifier is prefixed with "+", data from the specified namespace and the default namespace is shown, interleaved, but no other.
For details about journal namespaces see systemd-journald.service(8).
--header Instead of showing journal contents, show internal header information of the journal fields accessed.
--disk-usage Shows the current disk usage of all journal files. This shows the sum of the disk usage of all archived and active journal files.
--vacuum-size=, --vacuum-time=, --vacuum-files= Removes the oldest archived journal files until the disk space they use falls below the specified size (specified with the usual "K", "M", "G" and "T" suffixes), or all archived journal files contain no data older than the specified timespan (specified with the usual "s", "m", "h", "days", "months", "weeks" and "years" suffixes), or no more than the specified number of separate journal files remain.
Note that running --vacuum-size= has only an indirect effect on the output shown by --disk-usage, as the latter includes active journal files, while the vacuuming operation only operates on archived journal files.
Similarly, --vacuum-files= might not actually reduce the number of journal files to below the specified number, as it will not remove active journal files.
--vacuum-size=, --vacuum-time= and --vacuum-files= may be combined in a single invocation to enforce any combination of a size, a time and a number of files limit on the archived journal files.
Specifying any of these three parameters as zero is equivalent to not enforcing the specific limit, and is thus redundant.
These three switches may also be combined with --rotate into one command.
If so, all active files are rotated first, and the requested vacuuming operation is executed right after.
The rotation has the effect that all currently active files are archived (and potentially new, empty journal files opened as replacement), and hence the vacuuming operation has the greatest effect as it can take all log data written so far into account.
--list-catalog [128-bit-ID...] List the contents of the message catalog as a table of message IDs, plus their short description strings.
If any 128-bit-IDs are specified, only those entries are shown.
--dump-catalog [128-bit-ID...] Show the contents of the message catalog, with entries separated by a line consisting of two dashes and the ID (the format is the same as .catalog files).
If any 128-bit-IDs are specified, only those entries are shown.
--update-catalog Update the message catalog index.
This command needs to be executed each time new catalog files are installed, removed, or updated to rebuild the binary catalog index.
--setup-keys Instead of showing journal contents, generate a new key pair for Forward Secure Sealing (FSS).
This will generate a sealing key and a verification key.
The sealing key is stored in the journal data directory and shall remain on the host.
The verification key should be stored externally.
Refer to the Seal= option in journald.conf(5) for information on Forward Secure Sealing and for a link to a refereed scholarly paper detailing the cryptographic theory it is based on.
--force When --setup-keys is passed and Forward Secure Sealing (FSS) has already been configured, recreate FSS keys.
--interval= Specifies the change interval for the sealing key when generating an FSS key pair with --setup-keys.
Shorter intervals increase CPU consumption but shorten the time range of undetectable journal alterations. Defaults to 15min.
--verify Check the journal file for internal consistency.
If the file has been generated with FSS enabled and the FSS verification key has been specified with --verify-key=, authenticity of the journal file is verified.
--verify-key= Specifies the FSS verification key to use for the --verify operation.
--sync Asks the journal daemon to write all yet unwritten journal data to the backing file system and synchronize all journals.
This call does not return until the synchronization operation is complete.
This command guarantees that any log messages written before its invocation are safely stored on disk at the time it returns.
--flush Asks the journal daemon to flush any log data stored in /run/log/journal/ into /var/log/journal/, if persistent storage is enabled.
This call does not return until the operation is complete.
Note that this call is idempotent: the data is only flushed from /run/log/journal/ into /var/log/journal once during system runtime (but see --relinquish-var below), and this command exits cleanly without executing any operation if this has already happened.
This command effectively guarantees that all data is flushed to /var/log/journal at the time it returns.
--relinquish-var Asks the journal daemon for the reverse operation to --flush: if requested the daemon will write further log data to /run/log/journal/ and stops writing to /var/log/journal/.
A subsequent call to --flush causes the log output to switch back to /var/log/journal/, see above.
--smart-relinquish-var Similar to --relinquish-var but executes no operation if the root file system and /var/lib/journal/ reside on the same mount point.
This operation is used during system shutdown in order to make the journal daemon stop writing data to /var/log/journal/ in case that directory is located on a mount point that needs to be unmounted.
--rotate Asks the journal daemon to rotate journal files.
This call does not return until the rotation operation is complete.
Journal file rotation has the effect that all currently active journal files are marked as archived and renamed, so that they are never written to in future.
New (empty) journal files are then created in their place.
This operation may be combined with --vacuum-size=, --vacuum-time= and --vacuum-file= into a single command, see above.
-h, --help Print a short help text and exit.
--version Print a short version string and exit.
--no-pager Do not pipe output into a pager.

3. ENVIRONMENT

$SYSTEMD_PAGER Pager to use when --no-pager is not given; overrides $PAGER.
If neither $SYSTEMD_PAGER nor $PAGER are set, a set of well-known pager implementations are tried in turn, including less(1) and more(1), until one is found.
If no pager implementation is discovered no pager is invoked.
Setting this environment variable to an empty string or the value "cat" is equivalent to passing --no-pager.
$SYSTEMD_LESS Override the options passed to less (by default "FRSXMK").
Users might want to change two options in particular:
  K This option instructs the pager to exit immediately when Ctrl+C is pressed.
To allow less to handle Ctrl+C itself to switch back to the pager command prompt, unset this option.
If the value of $SYSTEMD_LESS does not include "K", and the pager that is invoked is less, Ctrl+C will be ignored by the executable, and needs to be handled by the pager.
  X This option instructs the pager to not send termcap initialization and deinitialization strings to the terminal.
It is set by default to allow command output to remain visible in the terminal even after the pager exits.
Nevertheless, this prevents some pager functionality from working, in particular paged output cannot be scrolled with the mouse.
See less(1) for more discussion.
$SYSTEMD_LESSCHARSET Override the charset passed to less (by default "utf-8", if the invoking terminal is determined to be UTF-8 compatible).
$SYSTEMD_COLORS The value must be a boolean.
Controls whether colorized output should be generated.
This can be specified to override the decision that systemd makes based on $TERM and what the console is connected to.
$SYSTEMD_URLIFY The value must be a boolean.
Controls whether clickable links should be generated in the output for terminal emulators supporting this.
This can be specified to override the decision that systemd makes based on $TERM and other conditions.

4. EXAMPLES

Without arguments, all collected logs are shown unfiltered:
journalctl
With one match specified, all entries with a field matching the expression are shown:
journalctl _SYSTEMD_UNIT=avahi-daemon.service
journalctl _SYSTEMD_CGROUP=/user.slice/user-42.slice/session-c1.scope
If two different fields are matched, only entries matching both expressions at the same time are shown:
journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097
If two matches refer to the same field, all entries matching either expression are shown:
journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service
If the separator "+" is used, two expressions may be combined in a logical OR.
The following will show all messages from the Avahi service process with the PID 28097 plus all messages from the D-Bus service (from any of its processes):
journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097 + _SYSTEMD_UNIT=dbus.service
To show all fields emitted by a unit and about the unit, option -u/--unit= should be used. journalctl -u name expands to a complex filter similar to
_SYSTEMD_UNIT=name.service
+ UNIT=name.service _PID=1
+ OBJECT_SYSTEMD_UNIT=name.service _UID=0
+ COREDUMP_UNIT=name.service _UID=0 MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1
(see systemd.journal-fields(7) for an explanation of those patterns).
Show all logs generated by the D-Bus executable:
journalctl /usr/bin/dbus-daemon
Show all kernel logs from previous boot:
journalctl -k -b -1
Show a live log display from a system service apache.service:
journalctl -f -u apache
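The matching rules used in the examples above (AND across different fields, OR within one field, "+" as a disjunction) and the -u expansion can be checked offline with a small evaluator. This is an added example, not code from systemd or from the original page; the function names and the sample entries are constructed for illustration, and each field is assumed to hold a single string value.

```python
from collections import defaultdict

def parse_matches(terms):
    """Split command-line terms at "+" into OR-groups of {FIELD: {values}}."""
    groups, current = [], defaultdict(set)
    for term in terms:
        if term == "+":
            if current:
                groups.append(dict(current))
            current = defaultdict(set)
            continue
        field, sep, value = term.partition("=")
        if not sep or not field:
            raise ValueError(f"not a FIELD=VALUE match: {term!r}")
        current[field].add(value)
    if current:
        groups.append(dict(current))
    return groups

def entry_matches(entry, groups):
    """OR across groups; inside a group AND across fields, OR across one field's values."""
    if not groups:
        return True  # no matches given: everything is shown
    return any(all(entry.get(f) in vals for f, vals in g.items()) for g in groups)

def unit_filter(unit):
    """The -u expansion quoted in the examples above, as a list of terms."""
    return [f"_SYSTEMD_UNIT={unit}",
            "+", f"UNIT={unit}", "_PID=1",
            "+", f"OBJECT_SYSTEMD_UNIT={unit}", "_UID=0",
            "+", f"COREDUMP_UNIT={unit}", "_UID=0",
            "MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1"]

# Constructed sample entries (not real journal data); every value is a string.
ENTRIES = [
    {"_SYSTEMD_UNIT": "avahi-daemon.service", "_PID": "28097", "MESSAGE": "avahi main"},
    {"_SYSTEMD_UNIT": "avahi-daemon.service", "_PID": "28100", "MESSAGE": "avahi helper"},
    {"_SYSTEMD_UNIT": "dbus.service", "_PID": "611", "MESSAGE": "dbus daemon"},
    {"_SYSTEMD_UNIT": "init.scope", "_PID": "1", "UNIT": "dbus.service", "MESSAGE": "Started D-Bus"},
    # An unrelated process that set UNIT= itself; the _PID=1 term excludes it.
    {"_SYSTEMD_UNIT": "cron.service", "_PID": "900", "UNIT": "dbus.service", "MESSAGE": "client-set UNIT"},
]

def select(terms):
    """Return the MESSAGE of every sample entry the terms select."""
    groups = parse_matches(terms)
    return [e["MESSAGE"] for e in ENTRIES if entry_matches(e, groups)]

if __name__ == "__main__":
    print(select(unit_filter("dbus.service")))
```

The last sample entry is dropped by the -u filter because UNIT= is a field the logging client supplies, whereas underscore-prefixed fields such as _PID and _UID are added by journald itself. That is why the expansion only accepts UNIT= together with _PID=1.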

5. NOTES


Journal Export Format
https://www.freedesktop.org/wiki/Software/systemd/export
Journal JSON Format
https://www.freedesktop.org/wiki/Software/systemd/json
Server-Sent Events
https://developer.mozilla.org/en-US/docs/Server-sent_events/Using_server-sent_events
JavaScript Object Notation (JSON) Text Sequences
https://tools.ietf.org/html/rfc7464
Message Catalog Developer Documentation
https://www.freedesktop.org/wiki/Software/systemd/catalog


EXIT STATUS: On success, 0 is returned; otherwise, a non-zero failure code is returned.

SEE ALSO: systemd(1), systemd-journald.service(8), systemctl(1), coredumpctl(1), systemd.journal-fields(7), journald.conf(5), systemd.time(7), systemd-journal-remote.service(8), systemd-journal-upload.service(8)