Read logs with journalctl
journalctl
is one of the best tools I’ve learned to use often when debugging my set of chaos services running Podman via systemd on my Raspberry Pi. Lots still to learn, but here are a few tidbits.
Find out what your options are
If you print out the journalctl results with no filters it can be way overwhelming. But figuring out what field to filter can seem impossible. For example, specific services will include their own fields. How are you to figure out what they are?
Try this nifty trick. It’ll print out every field for the last log. Should give you a baseline, and find a more specific log entry to get program-specific fields.
journalctl -n 1 -o json-pretty
When you have a promising field, run the next query to learn every possible value of that field in the journal. Try the SYSLOG_IDENTIFIER!
sudo journalctl -F SYSLOG_IDENTIFIER
Filter by your systemd unit file
It’s common to need only the results from a single systemd unit file. Gotcha covered. I also like to see most recent at the top, which is what --reverse
is doing.
journalctl --reverse -n 100 -u container-micropub.service
Print a field to file
Sometimes you want to parse the results in your own text editor. This is a query I ran to get a bunch of UFW block messages so I could look more closely at them.
journalctl --since yesterday _TRANSPORT=kernel --output-fields=MESSAGE -o cat > ufw.log
Show only Podman logs for a systemd unit file
If you’re running nonroot Podman containers, you can still use journalctl. Here’s a query that will get your user’s logs. It’ll even filter out the systemd logs so you can just see what the container has been outputting.
journalctl --user -n 1000 --reverse -u container-webhook SYSLOG_IDENTIFIER=podman