我想查看所有日期内在指定时间范围(08:00 - 11:00)内创建的日志消息。
如果我使用:
journalctl --since 08:00 --until 11:00
它仅显示当天的日志。
有什么想法吗?
答案 0 :(得分:1)
First of all - where is your journalctl log file? Default journalctl collect logs since the launch of the system.
By default, the log file is in /var/log/journal. If this dir isn't exist set Storage=persistent in /etc/systemd/journald.conf and run systemctl restart systemd-journald.
And when journalctl saves all messages/events on all the days or when the system collects logs from a few days of the save settings day You can draw some interesting informations from journalctl in this way:
# Define year
year="2016"
# Defines the month in which you want to search
months=(08 09 10)
for i in "${months[@]}" ; do
# To set a range of days: 14 - 20
for j in `seq 14 20` ; do
journalctl --since "${year}-${i}-${j} 08:00:00" --until "${year}-${i}-${j} 11:00:00" >> /tmp/journal.${year}-${i}-${j}.log
done
done
If you want to check days from 1 to 9 will probably need to add a mechanism for adding 0 (01, 02, 03, ..., 09).
This is an example so you have to adjust it to your needs.