The Journal is a component of systemd that is responsible for viewing and management of log files.
The Journal was developed to address problems connected with traditional logging.
Logging data is collected, stored, and processed by the Journal's journald service.
Time is represented in the format YYYY-MM-DD HH:MM:SS
To check journald service is running
# systemctl status systemd-journald
To check disk usage of all archived and active journal files
# journalctl --disk-usage
How to add Journal users without root privileges to grants them access to complete log file
#usermod -a -G adm username
To check messages with in past hour
# journalctl --since "1 hour ago"
For example if you want to see the logs of july 5th 2017 at 13hrs(1PM)
#journalctl --since="2017-07-05 13:00"
To show messages of july 5th 2017 at 13hrs(1PM) to july 5th 2017 at 14hrs(2PM)
# journalctl --since="2017-07-05 13:00" --until="2017-07-05 14:00"
The following will show messages logged by the sshd service of july 5th 2017 at 13hrs to july 5th 2017 at 14hrs
#journalctl -u sshd --since="2017-07-05 13:00" --until="2017-07-05 14:00"
To show messages logged by the xinetd service of july 5th 2017 at 13hrs to july 5th 2017 at 14hrs along with messages logged by the sshdd service of july 5th 2017 at 13hrs to july 5th 2017 at 14hrs (will show log entries of both xinetd and sshd)
# journalctl -u xinetd --since="2017-07-05 13:00" --until="2017-07-05 14:00" -u sshd --since="2017-07-05 13:00" --until="2017-07-05 14:00"
To display Kernel Messages
# journalctl -k
To get a similar format of tail -f command which will list 10 most current log lines ie tailing the journal aka live log
# journalctl -f
