F20 - Unintended consequences of no default MTA - How best to fix
Joonas Sarajärvi
muep at iki.fi
Tue Dec 31 21:49:06 UTC 2013
2013/12/31 Joe Zeff <joe at zeff.us>:
> Not always. As an example, I'm getting error messages at boot time on my
> laptop about [sdb] even though there isn't one. Locating them with
> journalctl would require me to know exactly what field to look for, instead
> of just doing this as root:
>
> cat /var/log/messages | grep [sdb]
>
> Of course, if you do know the field name, such as when you're looking for
> messages from a service started at boot by systemd, journalctl may well be
> your best bet. It all depends on what you're looking for and what info you
> already have.
Journalctl does not prevent you from using generic text search tools
like grep. For example, this should have pretty same results as your
example:
journalctl | grep [sdb]
You would likely want to limit the journalctl command a bit to avoid
searching from the entire locally stored history. This can be avoided
by using journalctl -b or journalctl --since -7d or some other
parameters that limit the search to just the recent logs.
If I was looking for something sdb related problem, my preferred way
to start looking for it would be to run maybe journalctl --since -7d
and then use the text search of less to point me at the relevant parts
of the log. Often it is useful to not immediately trim out all except
the lines that match some search. OTOH if you need specifically that,
you can use grep like you could with a plaintext syslog file.
-Joonas
More information about the users
mailing list