Quick Plot

After more than 10 years of development, systemd has undeniably arrived. The systemd system and service manager still does not find undivided approval in the open source community, but the discussions centered on what was once a very controversial topic have calmed down. No matter what you think of systemd, it has improved a few things.

One of the benefits of systemd is its ability to log information, warnings, and errors. In systemd, the component responsible for logging is known as the journal. Systemd-journald provides much more data than conventional log files /var/log/messages or /var/log/syslog that have been used for decades. In some cases, the journal even includes metadata that you can use to refine your journal searches.

Systemd's journaling results in a high volume of data that would be difficult to handle with conventional text files. Because of this high volume, systemd stores the data in binary files that can be read with the journalctl command. Various programs and services, and even the kernel, write their log entries to the journal. The systemd journal combines all these logs and offers various options for finding the information you need in a targeted way.

QJournalctl [1] is a graphical user interface you can use to view and navigate the systemd journal. Versions of QJournalctl are available for Linux, MacOS, and Windows systems. QJournalctl does not support all the capabilities available at the command line through the journalctl command, but it does offer some important options that will save you time and help you track down real-world problems on your Linux system.

Installing

In distributions based on Arch Linux, you can install QJournalctl version 0.6.3 by typing:

sudo pacman -S qjournalctl

Gentoo provides an ebuild file. For DEB- and RPM-based distros, you might need to build the application from source. The developer does provide a Debian package [2], but, at this writing, the Debian package includes a dependency – libssh 0.8.7 – that neither Debian, nor Ubuntu, nor their derivatives provide in the required version. So you might need to build the libssh yourself (Listing 1) before you can install the DEB package. But because you are working at the command line anyway, it makes sense to compile QJournalctl from the source code right from the outset (Listing 2).

$ sudo apt install qtbase5-dev cmake libssl-dev pkg-config git
$ wget https://www.libssh.org/files/0.9/libssh-0.9.5.tar.xz
$ tar xf libssh-0.9.5.tar.xz
$ cd libssh-0.9.5
$ mkdir build
$ cd build
$ cmake
$ sudo make install

$ mkdir -p QJournalctl
$ cd QJournalctl
$ git clone https://github.com/pentix/QJournalctl.git
$ cd QJournalctl
$ ./autogensh
$ make -j$(nproc)
$ sudo make install

Fedora 34 and openSUSE Leap 15.2 come with the correct version of libssh, in which case, you only need to install the dependency and build QJournalctl (Listing 3).

$ sudo dnf install libssh-devel qt5-qtbase-devel git
$ mkdir -p QJournalctl
$ cd QJournalctl
$ git clone https://github.com/pentix/QJournalctl.git
$ cd QJournalctl
$ ./autogensh
$ /usr/bin/qmake-qt5
$ make -j$ (nproc)
$ sudo make install

Getting Started

After opening QJournalctl, you first see a large amount of free space and no journal. The menu at the top is also quite sparse. Below it are three tabs, the first of which is probably the most commonly used because it opens the boot log for the current session.

Clicking on this tab opens a new window with the boot log from the last boot. At first, you will hopefully only find a few lines – and ideally, nothing. If you let your eyes wander to the bar below Priority, you will soon understand why (Figure 1).

Figure 1: The most common use case for QJournalctl is to view the log for the current boot process. QJournalctl works in realtime mode and displays incoming log messages directly during runtime.

By default, the priority of the default syslog level is set to critical (2), so you will only see messages that are considered critical by the system. Drag the slider to the right, and you will see progressively more messages until you get to debug (7).

In the terminal, you would set this priority by typing journalctl -p7. The info (6) level is typically fine. Between levels 2 and 6, the number of lines displayed in our test increased from less than 10 to several thousand since the last boot (which was four days ago).

A total of six boot processes spanning four months were stored on the test system, claiming around 4GB of disk space. The system sets a limit, even if you have not set a maximum size yourself – but more on that later.

Filtering and Exporting

QJournalctl offers even more filter options: At the very top, below Date / Time, you can specify the time window for the log display. If you also know exactly what you are looking for, you can use the filter function to further narrow down a specific bug or problem. For example, if you only want to see lines relating to the kernel or NVidia, enter the command in the filter line and press the button labeled Filter.

The middle tab in the main window lists all existing journal entries for previous boot actions. You can then select the matching logs by clicking on an entry. You can access all the stored logs at once by selecting Show the complete journal from the main menu under the first tab.

On a PC with a Ryzen-7 CPU, viewing all saved logs in unfiltered form took about a minute and returned more than 6 million lines. You can query the total size in the main menu using the menu item Journalctl | Size of the journal on the disk (Figure 2).

Figure 2: The middle tab lists all stored logs. After selecting the desired log, you can change the display direction and then start to display with the right tab.

If you want to process a log in another way or simply save it, just export it to any path using the Export the filtered journal button. If you only need an excerpt of the displayed log, select it and save it by pressing the Export Selection button.