Linux journalctl

From John Freier

Jump to: navigation, search

JournalCtl is the new way log files get captured. There are a bunch of different command to view them.

Count the number of failed ssh authentication for the past hour.

 journalctl -u sshd --since "1 hour ago" | grep failure | wc -l

Retrieved from "http://wiki.johnfreier.com/index.php?title=Linux_journalctl&oldid=695"

Navigation menu