The Journal is a modern logging system that is part of systemd, replacing traditional logging mechanisms such as syslog. It provides efficient log management, indexing, and searching. The primary tool for working with the Journal is journalctl.

Advantages of Using systemd Journal

• Binary format – faster access and indexing compared to text files
• Structured logs – allows filtering by services, users, or time ranges
• Persistence – logs can be stored on disk or kept in memory only
• Integrated with systemd – improved logging management for systemd services

Basic Usage of journalctl

Journalctl allows access to logs using various filters and parameters.

• Display all logs:

  journalctl
  

•  Real-time (live log monitoring):

  journalctl -f
  

• Logs from the last boot:

  journalctl -b
  

•  Filter logs by service:

  journalctl -u sshd
  

• Logs for a specific user:

  journalctl _UID=1000
  

Managing and Cleaning Logs
Since Journal logs can grow quickly, managing them properly is important.

• Check log size:

  journalctl --disk-usage
  

• Limit log size:
  In the /etc/systemd/journald.conf file, set:

  SystemMaxUse=500M
  ​

• Manually delete old logs:

  journalctl --vacuum-size=100M
  

• Deletes old logs until the total log size is reduced below 100 MB.

  journalctl --vacuum-time=2weeks
  ​

The Linux Journal provides a powerful and flexible logging system with advanced filtering and management options. Using journalctl simplifies log handling and allows quick diagnostics of system issues.