Completed the article.

Author: lvicoun

articles/journalctl.asm.xml

@@ -15,7 +15,9 @@ xmlns="http://docbook.org/ns/docbook">
 <!-- R E S O U R C E S -->
 <resources>
 <!-- concepts -->
-<resource href="../concepts/journal-about-journald.xml" xml:id="_journal-about-journald"/> 
+<resource href="../concepts/journal-about-journald.xml" xml:id="_journal-about-journald"/>
+ <resource href="../concepts/journal-structure.xml" xml:id="_journal-structure"/>
+ <resource href="../concepts/journactl-about.xml" xml:id="_journactl-about"/>
 <!-- glue -->
 <!-- tasks--> 
 <resource href="../tasks/journald-configure.xml" xml:id="_journald-configure"/> 
@@ -140,8 +142,11 @@ You must have &sudo; privileges.
 <module renderas="section" resourceref="_journal-about-journald">
   <module renderas="section" resourceref="_journald-configure"/>
   </module>
-<module renderas="section" resourceref="_journald-filter-journals"/>
+  <module renderas="section" resourceref="_journal-structure"/>
+<module renderas="section" resourceref="_journactl-about">
 <module renderas="section" resourceref="_journalctl-usage"/>
+</module>
+<module renderas="section" resourceref="_journald-filter-journals"/>
 
 <module renderas="section" resourceref="_systemd-journald-troubleshooting"/>
 <module resourceref="_legal"/>

concepts/journactl-about.xml

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- This file originates from the project https://github.com/openSUSE/doc-kit -->
+<!-- This file can be edited downstream. -->
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="journald-about-journactl"
+ role="concept" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>The <command>journalctl</command> command</title><!-- can be changed via merge in the assembly -->
+    <!--add author's email address-->
+    <meta name="maintainer" content="[email protected]" its:translate="no"/>
+    <abstract><!-- can be changed via merge in the assembly -->
+      <para>
+<command>journalctl</command> is a command-line utility used to query and display logs collected by
+the <command>systemd-journald</command>.
+    </para>    
+    </abstract>
+  </info>
+  <para>
+    Because the logging system stores data in a binary format (for performance and security) rather
+    than plain text, you cannot use standard tools like <command>cat</command> or
+    <command>less</command> to open the files directly. So the <command>journalctl</command>
+    command decodes the data and displays it according to the provided parameters.
+  </para>
+  
+</topic>

references/journalctl-usage.xml

@@ -21,29 +21,31 @@
   <title>Using <command>journalctl</command></title>
   <abstract>
     <para>
-   Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
-  </para>
+This section describes the generic usage of the <command>journalctl</command> command.
+    </para>
+    
   </abstract>
   <meta name="maintainer" content="[email protected]" its:translate="no"/>
  </info>
-
- <para>
-   You can run the <command>journalctl</command>:
-  </para>
-   <section>
-  <title>Use <command>journalctl</command></title>
-  <para>
+<para>
    Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
   </para>
-<para>Listed below are the common  useful options to enhance the default <command>journalctl</command> behavior. All switches are described in the <command>journalctl</command> man page, man 1 <command>journalctl</command>. </para>
-  <tip>
+ <para>
+   The general syntax of the <command>journalctl</command> command is as follows:
+  </para>
+   <screen>&prompt.sudo;<command>journalctl [OPTIONS...] [MATCHES...]</command></screen>
+   <tip>
    <title>Messages related to a specific executable</title>
    <para>
     To show all journal messages related to a specific executable, specify the
     full path to the executable:
    </para>
 <screen>&prompt.sudo;journalctl /usr/lib/systemd/systemd</screen>
   </tip>
+  <para>
+   Running the command without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like <command>less</command>) for easy navigation.
+  </para>
+<para>Listed below are the common  useful options to enhance the default <command>journalctl</command> behavior:</para>  
   <variablelist>
    <varlistentry>
     <term>-f</term>
@@ -55,7 +57,7 @@
     </listitem>
    </varlistentry>
    <varlistentry>
-    <term/>
+    <term></term>
     <listitem>
      <para>
       Prints the messages and jumps to the end of the journal, so that the
@@ -93,6 +95,8 @@
     </listitem>
    </varlistentry>
   </variablelist>
-  <para/>
-</section>
+  <para>
+    For a complete list of options refer to man page, man 1 <command>journalctl</command>.
+  </para>
+
 </topic>

tasks/journald-configure.xml

@@ -92,7 +92,7 @@ TTYPath=/dev/tty12</screen>
         <itemizedlist>
           <listitem><para>Install rsyslog</para><screen>rpm -q rsyslog</screen></listitem>
           <listitem><para>Enable rsyslog</para><screen>systemctl is-enabled rsyslog</screen></listitem>
-          <listitem><para>Enable forwarding to rsyslog in  in <filename>/etc/systemd/journald.conf</filename></para><screen>ForwardToSyslog=yes</screen></listitem>
+          <listitem><para>Enable forwarding to rsyslog in <filename>/etc/systemd/journald.conf</filename></para><screen>ForwardToSyslog=yes</screen></listitem>
         </itemizedlist>
         <para>For more information on file description, see <command>man 5 journald.conf</command>.</para>
       </listitem>

tasks/journald-filter-journals.xml

@@ -28,61 +28,62 @@ in the assembly -->
   </para></abstract>
   </info>
   <para>
-    You can filter journals based on boot number, time interval, and fields.
+    You can filter journals based on boot number, time interval, and fields. For details refer to following sections.
   </para>
-    <procedure>
-      <title>Filtering journals</title>
-       <step><para>Filter logs based on specific system boot:</para>
-        <itemizedlist>
-          <listitem>
-            <para>List all the available boots:</para>
-              <screen>&prompt.sudo;journalctl --list-boots</screen>
-            <para>The first column lists the boot offset: <literal>0</literal> for the current boot, <literal>-1</literal> for the previous one,
+  <section xml:id="journal-filter-journals-boots">
+    <title>Filter logs based on specific system boot</title>
+    <para>
+      To list logs for all the available boots, run the command as follows:
+    </para>
+    <screen>&prompt.sudo;journalctl --list-boots</screen>
+    <para>The first column lists the boot offset: <literal>0</literal> for the current boot, <literal>-1</literal> for the previous one,
     <literal>-2</literal> for the one before that, etc. The second column contains the boot ID followed by the limiting time stamps of the specific
     boot.</para>
-          </listitem>
-          <listitem><para>Show all messages from the current boot:</para>
-            <screen>&prompt.sudo;journalctl -b</screen></listitem>
-          <listitem><para>To view journal messages from the previous boot, add an offset
+    <para>
+      To show all messages from the current boot:
+    </para>
+    <screen>&prompt.sudo;journalctl -b</screen>
+    <para>To view journal messages from the previous boot, add an offset
     parameter. The following example command shows the previous boot messages:</para>
-            <screen>&prompt.sudo;journalctl -b -1</screen></listitem>
-          <listitem><para>To view boot messages based on the boot ID, <literal>156019a44a774a0bb0148a92df4af81b</literal>:</para>
-            <screen>&prompt.sudo;journalctl _BOOT_ID=156019a44a774a0bb0148a92df4af81b</screen></listitem>
-  </itemizedlist></step>
-        <step><para>Filter logs based on time interval</para>
-              <para>You can filter the output of <command>journalctl</command> by specifying the starting and/or ending date. The date specification should be of the format<literal>YYYY-MM-DD H:MM:SS</literal>. If the time part is omitted, midnight is assumed. If seconds are omitted, <literal>:00</literal> is assumed. If the date part is omitted, the current day is assumed. Instead of numeric expression, you can specify the keywords <literal>yesterday</literal>,
-    <literal>today</literal> or <literal>tomorrow</literal>. They refer to midnight of the day before the current day, of the current day, or of the day after the current day. If you specify <literal>now</literal>, it refers to the current time. You can also specify relative times prefixed with <literal>-</literal> or <literal>+</literal>, referring to times before or after the current time.</para>
-          <itemizedlist>
-            <listitem>
+            <screen>&prompt.sudo;journalctl -b -1</screen>
+    <para>To view boot messages based on the boot ID, <literal>156019a44a774a0bb0148a92df4af81b</literal>:</para>
+    <screen>&prompt.sudo;journalctl _BOOT_ID=156019a44a774a0bb0148a92df4af81b</screen>
+  </section>
+  <section xml:id="journal-filter-journals-time">
+    <title>Filtering logs based on time interval</title>
+    <para>You can filter the output of <command>journalctl</command> by specifying the starting and/or ending date. The date specification should be of the format<literal>YYYY-MM-DD H:MM:SS</literal>. If the time part is omitted, midnight is assumed. If seconds are omitted, <literal>:00</literal> is assumed. If the date part is omitted, the current day is assumed. Instead of numeric expression, you can specify the keywords <literal>yesterday</literal>,
+    <literal>today</literal> or <literal>tomorrow</literal>. They refer to midnight of the day
+    before the current day, of the current day, or of the day after the current day. If you specify
+    <literal>now</literal>, it refers to the current time. You can also specify relative times
+    prefixed with <literal>-</literal> or <literal>+</literal>, referring to times before or after
+    the current time.</para>
+    
               <para>To view only new messages since now, and update the output continuously:</para>
-              <screen>&prompt.sudo;journalctl --since "now" -f</screen></listitem>
-            <listitem><para>To view all messages since last midnight till <literal>3:20am</literal>:</para>
-              <screen>&prompt.sudo;journalctl --since "today" --until "3:20"</screen></listitem>
-          </itemizedlist>
-        </step>
-        <step><para>Filter logs based on fields</para>
+              <screen>&prompt.sudo;journalctl --since "now" -f</screen>
+            <para>To view all messages since last midnight till <literal>3:20am</literal>:</para>
+              <screen>&prompt.sudo;journalctl --since "today" --until "3:20"</screen>
+  </section>
+  <section xml:id="journal-filter-journals-fields">
+    <title>Filtering logs based on fields</title> 
+        
           <para>You can filter the output of the journal by specific fields. The syntax of a field to be matched is <literal>FIELD_NAME=MATCHED_VALUE</literal>, such
     as <literal>_SYSTEMD_UNIT=httpd.service</literal>. You can specify multiple matches in a single query to filter the output messages even more. See
     <command>man 7 systemd.journal-fields</command> for a list of default fields.</para>
-          <itemizedlist>
-            <listitem>
-              <para>To view messages produced by a specific process ID, for example <literal>PID_1039</literal>:</para>
-<screen>&prompt.sudo;journalctl _PID=1039</screen></listitem>
-            <listitem><para>To view messages belonging to a specific user ID, for example <literal>UID_1000</literal>:</para>
-              <screen># journalctl _UID=1000</screen></listitem>
-            <listitem><para>To view messages from the kernel ring buffer (the same as <command>dmesg</command> displays):</para>
-              <screen>&prompt.sudo;journalctl _TRANSPORT=kernel</screen></listitem>
-            <listitem><para>To view messages from the service's standard or error output:</para>
-              <screen>&prompt.sudo;journalctl _TRANSPORT=stdout</screen></listitem>
-            <listitem><para>To view messages produced by a specified service only:</para>
+          
+              <para>To view messages produced by a specific process ID: <literal>PID_1039</literal>:</para>
+<screen>&prompt.sudo;journalctl _PID=1039</screen><para>To view messages belonging to a specific user ID: <literal>UID_1000</literal>:</para>
+              <screen>&prompt.sudo; journalctl _UID=1000</screen>
+            <para>To view messages from the kernel ring buffer (the same as <command>dmesg</command> displays):</para>
+              <screen>&prompt.sudo;journalctl _TRANSPORT=kernel</screen>
+            <para>To view messages from the service's standard or error output:</para>
+              <screen>&prompt.sudo;journalctl _TRANSPORT=stdout</screen>
+            <para>To view messages produced by a specified service only:</para>
               <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service</screen>
               <para>If two different fields are specified, only entries that match both expressions at the same time are shown:</para>
               <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1488</screen>
               <para>If two matches refer to the same field, all entries matching either expression are shown:</para>
               <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</screen>
               <para>You can use the <literal>+</literal> separator to combine two expressions in a logical <literal>OR</literal>. The following example shows all messages from the Avahi service process with the process ID 1480 together with all messages from the D-Bus service:</para>
-              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1480 + _SYSTEMD_UNIT=dbus.service</screen></listitem>
-            </itemizedlist>
-    </step>
-</procedure>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1480 + _SYSTEMD_UNIT=dbus.service</screen>
+</section>
 </topic>