ubuntu服务日志分析——journalctl

简介

对于使用 systemd 服务的 Linux 发行版来说，journalctl 命令提供了详细且经过筛选的日志视图，是获取 Linux 重启历史记录的得力工具

systemd帮助我们记录了系统在运行过程中的所有日志信息，无论是重启前还是重启后，都会有保留。一般情况下， 我们通常到/var/log/xxx.log挨个找日志记录，有时候日志会被压缩，或者日志分配在不同的文件，分析起来很费劲。

systemd提供的journalctl很好的帮助我们解决了以上问题。

常用方法

1. 获取boot信息

[ 2023-12-07 10:58:31 ] root@localhost:~# journalctl --list-boots
[ 2023-12-07 10:58:31 ] -3 7846f4280f28422a96645143f1d966ed Thu 2023-12-07 09:58:34 CST—Thu 2023-12-07 10:24:25 CST
[ 2023-12-07 10:58:31 ] -2 b20eb9b7b2964138af04536608a5c712 Tue 2023-12-05 19:56:10 CST—Wed 2023-12-06 09:27:24 CST
[ 2023-12-07 10:58:31 ] -1 70d11f7975854356940968a86a2ba353 Thu 2023-12-07 10:25:58 CST—Thu 2023-12-07 10:44:25 CST
[ 2023-12-07 10:58:31 ]  0 598ad1e7586346c8a25bfc23bded7a6a Thu 2023-12-07 10:45:58 CST—Thu 2023-12-07 10:58:30 CST

1. 获取某次boot的日志信息

root@localhost:~# journalctl --boot=70d11f7975854356940968a86a2ba353
-- Logs begin at Tue 2023-12-05 19:56:10 CST, end at Thu 2023-12-07 11:01:06 CST. --
12月 07 10:25:58 localhost kernel: Linux version 5.15.0-56-generic (buildd@lcy02-amd64-102) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu)>
12月 07 10:25:58 localhost kernel: Command line: BOOT_IMAGE=/boot/vmlinuz-5.15.0-56-generic root=/dev/nvme0n1p3 ro console=tty0 console=ttyS0,115200n8 net.ifnames=0 bio>
12月 07 10:25:58 localhost kernel: KERNEL supported cpus:
12月 07 10:25:58 localhost kernel:   Intel GenuineIntel
12月 07 10:25:58 localhost kernel:   AMD AuthenticAMD
12月 07 10:25:58 localhost kernel:   Hygon HygonGenuine
12月 07 10:25:58 localhost kernel:   Centaur CentaurHauls
12月 07 10:25:58 localhost kernel:   zhaoxin   Shanghai  
12月 07 10:25:58 localhost kernel: x86/split lock detection: #AC: crashing the kernel on kernel split_locks and warning on user-space split_locks
12月 07 10:25:58 localhost kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
12月 07 10:25:58 localhost kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
12月 07 10:25:58 localhost kernel: x86/fpu: Enabled xstate features 0x3, context size is 576 bytes, using 'compacted' format.
12月 07 10:25:58 localhost kernel: signal: max sigframe size: 1520
12月 07 10:25:58 localhost kernel: BIOS-provided physical RAM map:
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009efff] usable
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x000000000009f000-0x00000000000fffff] reserved
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x0000000000100000-0x0000000066f1ffff] usable
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x0000000066f20000-0x000000006941ffff] reserved
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x0000000069420000-0x000000006969ffff] ACPI data
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x00000000696a0000-0x000000006979ffff] ACPI NVS
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x00000000697a0000-0x0000000069ffefff] reserved
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x0000000069fff000-0x0000000069ffffff] usable
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x000000006a000000-0x000000006fbfffff] reserved
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x00000000c0000000-0x00000000cfffffff] reserved
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x00000000fe000000-0x00000000fe010fff] reserved
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x00000000fed00000-0x00000000fed00fff] reserved
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x00000000fed20000-0x00000000fed7ffff] reserved
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x00000000ff000000-0x00000000ffffffff] reserved
12月 07 10:25:58 localhost kernel: BIOS-e820: [mem 0x0000000100000000-0x00000004903fffff] usable
12月 07 10:25:58 localhost kernel: NX (Execute Disable) protection: active
12月 07 10:25:58 localhost kernel: efi: EFI v2.70 by American Megatrends
12月 07 10:25:58 localhost kernel: efi: ACPI=0x6974a000 ACPI 2.0=0x6974a014 TPMFinalLog=0x6974d000 SMBIOS=0x69d6e000 SMBIOS 3.0=0x69d6d000 MEMATTR=0x644ef318 ESRT=0x660>
12月 07 10:25:58 localhost kernel: efi: seeding entropy pool
12月 07 10:25:58 localhost kernel: random: crng init done
12月 07 10:25:58 localhost kernel: secureboot: Secure boot disabled
12月 07 10:25:58 localhost kernel: SMBIOS 3.3.0 present.
12月 07 10:25:58 localhost kernel: DMI: To be filled by O.E.M To be filled by O.E.M/To be filled by O.E.M, BIOS 5.19 05/25/2023
12月 07 10:25:58 localhost kernel: tsc: Detected 2000.000 MHz processor
12月 07 10:25:58 localhost kernel: tsc: Detected 1996.800 MHz TSC
12月 07 10:25:58 localhost kernel: e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
12月 07 10:25:58 localhost kernel: e820: remove [mem 0x000a0000-0x000fffff] usable
12月 07 10:25:58 localhost kernel: last_pfn = 0x490400 max_arch_pfn = 0x400000000
12月 07 10:25:58 localhost kernel: x86/PAT: Configuration [0-7]: WB  WC  UC- UC  WB  WP  UC- WT  
12月 07 10:25:58 localhost kernel: last_pfn = 0x6a000 max_arch_pfn = 0x400000000
12月 07 10:25:58 localhost kernel: esrt: Reserving ESRT space from 0x000000006609d498 to 0x000000006609d4d0.
12月 07 10:25:58 localhost kernel: e820: update [mem 0x6609d000-0x66