Viewing the last lines of the postfix log with journalctl (with help from Unix & Linux Stack Exchange)
Posted by jpluimers on 2022/02/24
Two command-lines I use to view my Postfix logs:
journalctl --unit postfix --since "2 days ago"journalctl --unit postfix --pager-end
Note that neither of these work well with the
--follow(or equivalent-f) option, as this will effectively disable the pager (which by default isless).
The second is via [Wayback] systemd – How to see the latest x lines from systemctl service log – Unix & Linux Stack Exchange (which got the--pagerend bit wrong, as it misses a dash and should be --pager-end, but still thanks [Wayback] Daniel Kmak):
Just:
journalctl -u SERVICE_NAME -eParameter
-estands for:-e –pagerend
…
That’s the one ! Other answers will go through the whole log to get to its end, which can be veeeeery long for large syslogs.
The last bit (by [Wayback] Léo Germond, thanks!) is why I like it most.
Similarly, specifying --since in the first example will not go through the whole log.
Some background information:
- [Wayback] journalctl(1) options — systemd — Debian stretch — Debian Manpages:
-e, --pager-endImmediately jump to the end of the journal inside the implied pager tool. This implies-n1000to guarantee that the pager will not buffer logs of unbounded size. This may be overridden with an explicit-nwith some other numeric value, while-nallwill disable this cap. Note that this option is only supported for the less(1) pager.…
-S, --since=, -U, --until=Start showing entries on or newer than the specified date, or on or older than the specified date, respectively. Date specifications should be of the format “2012-10-30 18:17:16”. If the time part is omitted, “00:00:00” is assumed. If only the seconds component is omitted, “:00” is assumed. If the date component is omitted, the current day is assumed. Alternatively the strings “yesterday”, “today”, “tomorrow” are understood, which refer to 00:00:00 of the day before the current day, the current day, or the day after the current day, respectively. “now” refers to the current time. Finally, relative times may be specified, prefixed with “-” or “+”, referring to times before or after the current time, respectively. For complete time and date specification, see [Wayback] systemd.time(7). Note that--output=short-fullprints timestamps that follow precisely this format. -
[Wayback] systemd.time(7) — systemd — Debian stretch — Debian Manpages:
Examples for valid timestamps and their normalized form (assuming the current time was 2012-11-23 18:15:22 and the timezone was UTC+8, for example TZ=Asia/Shanghai):
Fri 2012-11-23 11:12:13 → Fri 2012-11-23 11:12:13 2012-11-23 11:12:13 → Fri 2012-11-23 11:12:13 2012-11-23 11:12:13 UTC → Fri 2012-11-23 19:12:13 2012-11-23 → Fri 2012-11-23 00:00:00 12-11-23 → Fri 2012-11-23 00:00:00 11:12:13 → Fri 2012-11-23 11:12:13 11:12 → Fri 2012-11-23 11:12:00 now → Fri 2012-11-23 18:15:22 today → Fri 2012-11-23 00:00:00 today UTC → Fri 2012-11-23 16:00:00 yesterday → Fri 2012-11-22 00:00:00 tomorrow → Fri 2012-11-24 00:00:00 +3h30min → Fri 2012-11-23 21:45:22 -5s → Fri 2012-11-23 18:15:17 11min ago → Fri 2012-11-23 18:04:22 @1395716396 → Tue 2014-03-25 03:59:56
–jeroen
The Wiert Corner - irregular stream of stuff 
Leave a Reply