I have Arch Linux failing on a device. The device doesn’t have any screen, and it doesn’t respond to the network. So I take its SD card, insert it into an Ubuntu desktop, see a fresh system.journal there and… How do I see what is inside?
From the Arch Linux documentation I know that I can do:
strings /mnt/arch/var/log/journal/.../system.journal | grep -i message
But it is really basic. The question is:
Is there a more convenient way to inspect system.journal from another system than using strings? Can I, for example, specify the file to read for journalctl?
Answers:
Method 1
First, the ability to use strings stems from a mere coincidence in that journald does not compress small (below 64KiB in the current implementation) fields. This is not a supported way to read journals, and in the ArchWiki it really should be marked as such. It is more of a last-ditch recovery method.
Now on to the question. From journalctl(1):
-D DIR, --directory=DIR
Takes a directory path as argument. If specified, journalctl will operate on the specified journal directory DIR instead of the default runtime and system journal paths.
So, assuming that the broken system’s rootfs is mounted under $DEST, use journalctl -D $DEST/var/log/journal to view its system log.
For the sake of completeness: in order to view a specific file, use journalctl --file, e.g. journalctl --file /var/log/journal/$(cat /etc/machine-id)/system.journal. However, note that the journal files are rotated periodically, so depending on your use case this form may not be usable for viewing complete journals.
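An added example, not part of the answer above and not systemd's own code: a Python script that decodes the fixed header of a journal file copied from the SD card, showing whether journald closed it cleanly and which incompatible feature flags (compression among them) the journalctl on the reading system has to support. The field layout and flag names are taken from systemd's published journal file format rather than from this page; the function names and sample bytes are constructed for illustration.

```python
import struct
import sys
from datetime import datetime, timedelta, timezone

# Base header layout from systemd's journal file format (little-endian):
# signature, compatible_flags, incompatible_flags, state, 7 reserved bytes,
# file_id, machine_id, boot_id, seqnum_id, then 15 unsigned 64-bit fields.
HEADER = struct.Struct("<8sIIB7x16s16s16s16s15Q")
STATES = {0: "OFFLINE", 1: "ONLINE", 2: "ARCHIVED"}
INCOMPATIBLE = {1: "COMPRESSED_XZ", 2: "COMPRESSED_LZ4", 4: "KEYED_HASH",
                8: "COMPRESSED_ZSTD", 16: "COMPACT"}

def usec_to_utc(usec):
    """Journal realtime stamps are microseconds since the Unix epoch."""
    epoch = datetime(1970, 1, 1, tzinfo=timezone.utc)
    return (epoch + timedelta(microseconds=usec)).isoformat()

def parse_journal_header(data):
    """Decode the fixed header from the first bytes of a journal file."""
    if len(data) < HEADER.size or data[:8] != b"LPKSHHRH":
        raise ValueError("not a journal file (bad signature or truncated)")
    (_sig, _compat, incompat, state, _file_id, machine_id,
     _boot_id, _seqnum_id, *q) = HEADER.unpack_from(data)
    flags = [name for bit, name in INCOMPATIBLE.items() if incompat & bit]
    unknown = incompat & ~sum(INCOMPATIBLE)
    if unknown:  # bits this script does not know; an old journalctl may refuse them too
        flags.append(f"UNKNOWN(0x{unknown:x})")
    return {
        "state": STATES.get(state, f"UNKNOWN({state})"),
        # ONLINE on a file pulled from a powered-off device means journald
        # never closed it, so the system did not shut down cleanly.
        "closed_cleanly": state != 1,
        "incompatible_flags": flags,
        "machine_id": machine_id.hex(),
        "n_entries": q[8],
        "first_entry_utc": usec_to_utc(q[12]),
        "last_entry_utc": usec_to_utc(q[13]),
    }

def constructed_sample():
    """Constructed header bytes for demonstration, not from a real device."""
    q = [0] * 15
    q[0], q[8], q[12], q[13] = 208, 42, 1_700_000_000_000_000, 1_700_000_600_000_000
    return HEADER.pack(b"LPKSHHRH", 0, 4 | 8, 1, bytes(16),
                       bytes.fromhex("0123456789abcdef" * 2), bytes(16), bytes(16), *q)

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read(HEADER.size) if len(sys.argv) > 1 else constructed_sample()
    for key, value in parse_journal_header(raw).items():
        print(f"{key:20} {value}")
```

Run it with the path to a journal file under the mounted card as its only argument; the reported machine_id should match the directory name under var/log/journal that journalctl -D reads.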
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.