Logs with journalctl.
systemd collects every service's output into one structured journal β then journalctl lets you slice it by unit, time, and priority. Learn the handful of filters that turn a wall of logs into the three lines that actually matter.
Logs with journalctl animated tutorial. The systemd journal, filtering by unit (-u), priority (-p), and time (--since/--until), following live logs (-f), listing boots (-b), and configuring a persistent journal. RHCSA EX200 ready.systemd funnels every service's output into one structured, queryable journal. Watch each filter narrow a wall of logs down to the lines that matter.
- Β·Comfortable starting/checking services with systemctl
- Β·Helpful: the systemd targets lesson (units, services)
- Β·Know roughly what stdout/stderr are
Filter the journal by unit, priority, and time; follow logs live; inspect previous boots; and make the journal persistent.
pace: 9 minutes
The journal β one structured log for everything
On systemd systems, every service's stdout/stderr and every kernel message lands in ONE place: the journal. It's binary and indexed (not plain text), so you can query it by field β which unit, which priority, which time β instead of grepping scattered files. `journalctl` with no arguments prints all of it, oldest first.
$journalctl$journalctl -e$journalctl -n 20The journal is structured, not plain text. Every entry carries fields β unit, priority, PID, timestamp, and more β so journalctl filters are exact and composable. The real skill isn't reading logs, it's stacking filters: journalctl -u nginx -p err --since "1 hour ago" turns thousands of lines into the three that explain the outage.
$journalctl -u UNIT$journalctl -p err$journalctl --since "09:18"$journalctl --until "10:00"$journalctl -f$journalctl -e$journalctl -n 50$journalctl -r$journalctl -b / -b -1$journalctl --list-boots$journalctl -k$journalctl _PID=1234$journalctl -o json-pretty$journalctl --disk-usage$journalctl --vacuum-time=2weeks$/etc/systemd/journald.confYou want to see only the logs for the nginx service. Which command?
`journalctl -p err` is running. A 'warning' message appears. Is it shown?
A server crashed and rebooted. You want the logs from BEFORE the reboot. What do you run β and what might prevent it from working?
You want to watch a service's logs live while you reproduce a bug. Best command?
These aren't graded β they're just for active recall, which is what actually makes the lesson stick.
systemd targets & units
Every line in the journal comes from a unit. Understand how systemd starts and supervises those services, and the `-u` filter suddenly makes total sense.
keep going β these pair well with what you just learned.
SELinux contexts
Why Apache can't read your file. Watch the policy engine decide β and learn the workflow for fixing denials. RHCSA-ready.
Linux boot process
From power button to login prompt. Every stage in the chain β UEFI, GRUB, kernel, initramfs, systemd β with the rescue moves that save you. RHCSA-ready.
LVM stacking
Layer-by-layer build of an LVM stack: disks β PVs β VG β LVs β filesystem. Then extend live and snapshot. RHCSA-ready.