From a1e91fec2ac77c82a460ae1ae189ffca40ed00b1 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Thu, 11 Sep 2025 11:36:49 +0530
Subject: [PATCH 01/32] New Smartdocs for journalctl

---
 DC-SLES-journalctl          |  19 ++++
 articles/journalctl.asm.xml | 171 ++++++++++++++++++++++++++++++++++++
 2 files changed, 190 insertions(+)
 create mode 100644 DC-SLES-journalctl
 create mode 100644 articles/journalctl.asm.xml

diff --git a/DC-SLES-journalctl b/DC-SLES-journalctl
new file mode 100644
index 000000000..4dc536b8e
--- /dev/null
+++ b/DC-SLES-journalctl
@@ -0,0 +1,19 @@
+# This file originates from the project https://github.com/openSUSE/doc-kit
+# This file can be edited downstream.
+
+## Basics
+MAIN="cockpit.asm.xml"
+SRC_DIR="articles"
+IMG_SRC_DIR="images"
+
+## Profiling
+PROFOS="sles"
+PROFCONDITION="16.0"
+STRUCTID="sles-cockpit"
+#PROFARCH="x86_64;zseries;power;aarch64"
+
+DOCBOOK5_RNG_URI="urn:x-suse:rng:v2:geekodoc-flat"
+
+## stylesheet location
+STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2022-ns"
+FALLBACK_STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2021-ns"
\ No newline at end of file
diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
new file mode 100644
index 000000000..df1a84fd3
--- /dev/null
+++ b/articles/journalctl.asm.xml
@@ -0,0 +1,171 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?xml-model href="https://cdn.docbook.org/schema/5.2/rng/assemblyxi.rnc"
+type="application/relax-ng-compact-syntax"?>
+<!DOCTYPE assembly
+[
+    <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to https://github.com/SUSE/doc-sle/blob/main/xml/systemd.xml -->
+<assembly version="5.2" xml:lang="en"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:trans="http://docbook.org/ns/transclusion"
+          xmlns:its="http://www.w3.org/2005/11/its"
+          xmlns="http://docbook.org/ns/docbook">
+  <!-- R E S O U R C E S -->
+  <resources>
+    <!-- concepts -->
+    <resource href="../concepts/cockpit-about-cockpit.xml" xml:id="_cocpit-about-cockpit"/> 
+      
+    <!-- glue -->
+    <resource href="../glues/cockpit-managing-filesystem.xml" xml:id="_cockpit-managingfs-glue"/>      
+     
+    <!-- tasks -->
+    <resource href="../tasks/cockpit-primary-servers.xml" xml:id="_cockpit-primary-servers"/>      
+    <!-- references -->
+    <resource href="../references/cockpit-logs.xml" xml:id="_cockpit-logs-reference"/>      
+  </resources>
+  <!-- Appendix -->
+  <resources>
+    <resource href="../common/legal.xml" xml:id="_legal">
+      <description>Legal Notice</description>
+    </resource>
+    <resource href="../common/license_gfdl1.2.xml" xml:id="_gfdl">
+      <description>GNU Free Documentation License</description>
+    </resource>
+  </resources>
+  <structure renderas="article" xml:id="sles-journalctl">
+    <merge>
+      <title>Viewing logs using &journalctl;</title>
+      <!-- History -->
+      <revhistory xml:id="rh-sles-cockpit">
+        <revision><date>2025-09-11</date>
+          <revdescription>
+            <para>
+              Initial version
+            </para>
+          </revdescription>
+        </revision>
+      </revhistory>
+      <!-- Maintainer -->
+      <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+      <!-- Architecture -->
+      <meta name="architecture" its:translate="no">
+        <phrase>&x86-64;</phrase>
+        <phrase>&power;</phrase>
+        <phrase>&zseries;</phrase>
+        <phrase>&aarch64;</phrase>
+      </meta>
+      <!-- Productname & Version -->
+      <meta name="productname">
+        <productname version="16.0">&sles;</productname>
+        <productname version="16.0">&sles4sap;</productname>
+        <productname version="16.0">&sleha;</productname>        
+      </meta>
+      <!-- Social Media -->
+      <meta name="title">View logs using &journalctl;</meta>
+      <meta name="description">
+       How to view and manage &productnameshort; logs using &journalctl;</meta>
+     <!-- Search -->
+      <meta name="social-descr">View &productnameshort; logs using &journalctl;</meta>
+     <!-- Task -->
+      <meta name="task" its:translate="no">
+        <phrase>Configuration</phrase>
+        <phrase>Storage</phrase>
+        <phrase>Maintenance</phrase>
+        <phrase>Administration</phrase>
+      </meta>
+
+      <meta name="category" its:translate="no"><phrase>Systems Management</phrase>
+      </meta>
+      <!-- Series -->
+      <meta name="series" its:translate="no">Products &amp; Solutions</meta>
+
+      <dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
+        <dm:bugtracker>
+          <dm:url>https://bugzilla.suse.com/enter_bug.cgi</dm:url>
+          <dm:component>Documentation</dm:component>
+          <dm:product os="sles">SUSE Linux Enterprise Server 16.0</dm:product>
+          <dm:product os="sles4sap">SUSE Linux Enterprise Server 16.0</dm:product>
+          <dm:product os="sleha">SUSE Linux Enterprise Server 16.0</dm:product>        
+          <dm:assignee>shalaka.harne@suse.com</dm:assignee>
+        </dm:bugtracker>
+        <dm:translation>yes</dm:translation>
+      </dm:docmanager>
+      <abstract>
+        <variablelist>
+          <varlistentry>
+            <term>WHAT?</term>
+            <listitem>
+              <para>
+                You can view and analyze logs from &systemd-journald; using the &journalctl; command-line tool.
+              </para>
+            </listitem>
+          </varlistentry>
+          <varlistentry>
+            <term>WHY?</term>
+            <listitem>
+              <para>
+                This article is intended to provide a complete overview of
+                tasks that can be performed using the &journalctl; command-line tool.
+              </para>
+            </listitem>
+          </varlistentry>
+          <varlistentry>
+            <term>EFFORT</term>
+              <listitem>
+                <para>
+                  The average reading time of this article is approximately 30 minutes.
+                </para>
+              </listitem>
+          </varlistentry>
+          <varlistentry>
+            <term>GOAL</term>
+              <listitem>
+                <para>
+                  You will be able to view your system logs using &journalctl;.
+                </para>
+              </listitem>
+          </varlistentry>
+          <varlistentry>
+            <term>REQUIREMENTS</term>
+            <listitem>
+              <para>
+                To fully view the system-wide logs such as kernel, system services, or other user logs using &journaltl; command-line tool, you must have
+                  &sudo; privileges.
+              </para>
+              <para>The &systemd-journald; service must be running as it collects the logs. </para>
+              <para>For persistent logs across reboots, <filename>var/log/journal</filename> file must be available. Volatile logs are saved in  <filename>/run/log/journal</filename>
+            </listitem>
+          </varlistentry>
+        </variablelist>
+      </abstract>
+    </merge>
+    <module renderas="section" resourceref="_journalctl-viewing-logs">
+      <merge>
+        <abstract>
+          <para>
+            Using the &cockpit; <guimenu>Overview</guimenu> part, you can
+            perform changes to the default server configuration or the
+            configuration you provided during the manual installation. In this
+            part, you can change the host name or change the system date or time
+            zone.
+          </para>
+        </abstract>
+      </merge>
+    </module>
+    <module renderas="section" resourceref="_cockpit-selinux">
+<module renderas="section" resourceref="_cockpit-troubleshooting-selinux">
+        <merge>
+          <abstract>
+            <para/>
+          </abstract>
+        </merge>
+      </module>
+    </module>    
+    <module resourceref="_legal"/>
+    <module resourceref="_gfdl">
+      <output renderas="appendix"/>
+    </module>
+  </structure>
+</assembly>

From fdca76273052610305e4bcb604edb4b8f5749f13 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Sun, 23 Nov 2025 18:17:51 +0530
Subject: [PATCH 02/32] New topic.

---
 DC-SLES-journalctl                  |   3 +-
 articles/journalctl.asm.xml         | 305 +++++++++++------------
 concepts/journal-about-journald.xml | 363 ++++++++++++++++++++++++++++
 3 files changed, 509 insertions(+), 162 deletions(-)
 create mode 100644 concepts/journal-about-journald.xml

diff --git a/DC-SLES-journalctl b/DC-SLES-journalctl
index 4dc536b8e..0aaa4826a 100644
--- a/DC-SLES-journalctl
+++ b/DC-SLES-journalctl
@@ -2,14 +2,13 @@
 # This file can be edited downstream.
 
 ## Basics
-MAIN="cockpit.asm.xml"
+MAIN="journalctl.asm.xml"
 SRC_DIR="articles"
 IMG_SRC_DIR="images"
 
 ## Profiling
 PROFOS="sles"
 PROFCONDITION="16.0"
-STRUCTID="sles-cockpit"
 #PROFARCH="x86_64;zseries;power;aarch64"
 
 DOCBOOK5_RNG_URI="urn:x-suse:rng:v2:geekodoc-flat"
diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index df1a84fd3..f0e22f723 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -3,169 +3,154 @@
 type="application/relax-ng-compact-syntax"?>
 <!DOCTYPE assembly
 [
-    <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
-    %entities;
+<!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+%entities;
 ]>
 <!-- refers to https://github.com/SUSE/doc-sle/blob/main/xml/systemd.xml -->
 <assembly version="5.2" xml:lang="en"
-          xmlns:xlink="http://www.w3.org/1999/xlink"
-          xmlns:trans="http://docbook.org/ns/transclusion"
-          xmlns:its="http://www.w3.org/2005/11/its"
-          xmlns="http://docbook.org/ns/docbook">
-  <!-- R E S O U R C E S -->
-  <resources>
-    <!-- concepts -->
-    <resource href="../concepts/cockpit-about-cockpit.xml" xml:id="_cocpit-about-cockpit"/> 
-      
-    <!-- glue -->
-    <resource href="../glues/cockpit-managing-filesystem.xml" xml:id="_cockpit-managingfs-glue"/>      
-     
-    <!-- tasks -->
-    <resource href="../tasks/cockpit-primary-servers.xml" xml:id="_cockpit-primary-servers"/>      
-    <!-- references -->
-    <resource href="../references/cockpit-logs.xml" xml:id="_cockpit-logs-reference"/>      
-  </resources>
-  <!-- Appendix -->
-  <resources>
-    <resource href="../common/legal.xml" xml:id="_legal">
-      <description>Legal Notice</description>
-    </resource>
-    <resource href="../common/license_gfdl1.2.xml" xml:id="_gfdl">
-      <description>GNU Free Documentation License</description>
-    </resource>
-  </resources>
-  <structure renderas="article" xml:id="sles-journalctl">
-    <merge>
-      <title>Viewing logs using &journalctl;</title>
-      <!-- History -->
-      <revhistory xml:id="rh-sles-cockpit">
-        <revision><date>2025-09-11</date>
-          <revdescription>
-            <para>
-              Initial version
-            </para>
-          </revdescription>
-        </revision>
-      </revhistory>
-      <!-- Maintainer -->
-      <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
-      <!-- Architecture -->
-      <meta name="architecture" its:translate="no">
-        <phrase>&x86-64;</phrase>
-        <phrase>&power;</phrase>
-        <phrase>&zseries;</phrase>
-        <phrase>&aarch64;</phrase>
-      </meta>
-      <!-- Productname & Version -->
-      <meta name="productname">
-        <productname version="16.0">&sles;</productname>
-        <productname version="16.0">&sles4sap;</productname>
-        <productname version="16.0">&sleha;</productname>        
-      </meta>
-      <!-- Social Media -->
-      <meta name="title">View logs using &journalctl;</meta>
-      <meta name="description">
-       How to view and manage &productnameshort; logs using &journalctl;</meta>
-     <!-- Search -->
-      <meta name="social-descr">View &productnameshort; logs using &journalctl;</meta>
-     <!-- Task -->
-      <meta name="task" its:translate="no">
-        <phrase>Configuration</phrase>
-        <phrase>Storage</phrase>
-        <phrase>Maintenance</phrase>
-        <phrase>Administration</phrase>
-      </meta>
+xmlns:xlink="http://www.w3.org/1999/xlink"
+xmlns:trans="http://docbook.org/ns/transclusion"
+xmlns:its="http://www.w3.org/2005/11/its"
+xmlns="http://docbook.org/ns/docbook">
+<!-- R E S O U R C E S -->
+<resources>
+<!-- concepts -->
+<resource href="../concepts/journal-about-journald.xml" xml:id="_journal-about-journald"/> 
+<!-- glue -->
+<!-- tasks 
+<resource href="../tasks/cockpit-primary-servers.xml" xml:id="_cockpit-primary-servers"/> 
+-->
+<!-- references
+<resource href="../references/cockpit-logs.xml" xml:id="_cockpit-logs-reference"/> 
+</resources>
+-->
+<!-- Appendix -->
+<resources>
+<resource href="../common/legal.xml" xml:id="_legal">
+<description>Legal Notice</description>
+</resource>
+<resource href="../common/license_gfdl1.2.xml" xml:id="_gfdl">
+<description>GNU Free Documentation License</description>
+</resource>
+</resources>
+<structure renderas="article" xml:id="sles-journalctl">
+<merge>
+<title>Viewing logs using &journalctl;</title>
+<!-- History -->
+<revhistory xml:id="rh-sles-cockpit">
+<revision><date>2025-09-10</date>
+<revdescription>
+<para>
+Initial version
+</para>
+</revdescription>
+</revision>
+</revhistory>
+<!-- Maintainer -->
+<meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+<!-- Architecture -->
+<meta name="architecture" its:translate="no">
+<phrase>&x86-64;</phrase>
+<phrase>&power;</phrase>
+<phrase>&zseries;</phrase>
+<phrase>&aarch64;</phrase>
+</meta>
+<!-- Productname & Version -->
+<meta name="productname">
+<productname version="16.0">&sles;</productname>
+<productname version="16.0">&sles4sap;</productname>
+<productname version="16.0">&sleha;</productname> 
+</meta>
+<!-- Social Media -->
+<meta name="title">View logs using &journalctl;</meta>
+<meta name="description">
+How to view and manage &productnameshort; logs using &journalctl;</meta>
+<!-- Search -->
+<meta name="social-descr">View &productnameshort; logs using &journalctl;</meta>
+<!-- Task -->
+<meta name="task" its:translate="no">
+<phrase>Configuration</phrase>
+<phrase>Storage</phrase>
+<phrase>Maintenance</phrase>
+<phrase>Administration</phrase>
+</meta>
 
-      <meta name="category" its:translate="no"><phrase>Systems Management</phrase>
-      </meta>
-      <!-- Series -->
-      <meta name="series" its:translate="no">Products &amp; Solutions</meta>
+<meta name="category" its:translate="no"><phrase>Systems Management</phrase>
+</meta>
+<!-- Series -->
+<meta name="series" its:translate="no">Products &amp; Solutions</meta>
 
-      <dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
-        <dm:bugtracker>
-          <dm:url>https://bugzilla.suse.com/enter_bug.cgi</dm:url>
-          <dm:component>Documentation</dm:component>
-          <dm:product os="sles">SUSE Linux Enterprise Server 16.0</dm:product>
-          <dm:product os="sles4sap">SUSE Linux Enterprise Server 16.0</dm:product>
-          <dm:product os="sleha">SUSE Linux Enterprise Server 16.0</dm:product>        
-          <dm:assignee>shalaka.harne@suse.com</dm:assignee>
-        </dm:bugtracker>
-        <dm:translation>yes</dm:translation>
-      </dm:docmanager>
-      <abstract>
-        <variablelist>
-          <varlistentry>
-            <term>WHAT?</term>
-            <listitem>
-              <para>
-                You can view and analyze logs from &systemd-journald; using the &journalctl; command-line tool.
-              </para>
-            </listitem>
-          </varlistentry>
-          <varlistentry>
-            <term>WHY?</term>
-            <listitem>
-              <para>
-                This article is intended to provide a complete overview of
-                tasks that can be performed using the &journalctl; command-line tool.
-              </para>
-            </listitem>
-          </varlistentry>
-          <varlistentry>
-            <term>EFFORT</term>
-              <listitem>
-                <para>
-                  The average reading time of this article is approximately 30 minutes.
-                </para>
-              </listitem>
-          </varlistentry>
-          <varlistentry>
-            <term>GOAL</term>
-              <listitem>
-                <para>
-                  You will be able to view your system logs using &journalctl;.
-                </para>
-              </listitem>
-          </varlistentry>
-          <varlistentry>
-            <term>REQUIREMENTS</term>
-            <listitem>
-              <para>
-                To fully view the system-wide logs such as kernel, system services, or other user logs using &journaltl; command-line tool, you must have
-                  &sudo; privileges.
-              </para>
-              <para>The &systemd-journald; service must be running as it collects the logs. </para>
-              <para>For persistent logs across reboots, <filename>var/log/journal</filename> file must be available. Volatile logs are saved in  <filename>/run/log/journal</filename>
-            </listitem>
-          </varlistentry>
-        </variablelist>
-      </abstract>
-    </merge>
-    <module renderas="section" resourceref="_journalctl-viewing-logs">
-      <merge>
-        <abstract>
-          <para>
-            Using the &cockpit; <guimenu>Overview</guimenu> part, you can
-            perform changes to the default server configuration or the
-            configuration you provided during the manual installation. In this
-            part, you can change the host name or change the system date or time
-            zone.
-          </para>
-        </abstract>
-      </merge>
-    </module>
-    <module renderas="section" resourceref="_cockpit-selinux">
-<module renderas="section" resourceref="_cockpit-troubleshooting-selinux">
-        <merge>
-          <abstract>
-            <para/>
-          </abstract>
-        </merge>
-      </module>
-    </module>    
-    <module resourceref="_legal"/>
-    <module resourceref="_gfdl">
-      <output renderas="appendix"/>
-    </module>
-  </structure>
+<dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
+<dm:bugtracker>
+<dm:url>https://bugzilla.suse.com/enter_bug.cgi</dm:url>
+<dm:component>Documentation</dm:component>
+<dm:product os="sles">SUSE Linux Enterprise Server 16.0</dm:product>
+<dm:product os="sles4sap">SUSE Linux Enterprise Server 16.0</dm:product>
+<dm:product os="sleha">SUSE Linux Enterprise Server 16.0</dm:product> 
+<dm:assignee>shalaka.harne@suse.com</dm:assignee>
+</dm:bugtracker>
+<dm:translation>yes</dm:translation>
+</dm:docmanager>
+<abstract>
+<variablelist>
+<varlistentry>
+<term>WHAT?</term>
+<listitem>
+<para>
+You can view and analyze logs from &systemd-journald; using the &journalctl; command-line tool.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>WHY?</term>
+<listitem>
+<para>
+This article is intended to provide a complete overview of
+tasks that can be performed using the &journalctl; command-line tool.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>EFFORT</term>
+<listitem>
+<para>
+The average reading time of this article is approximately 30 minutes.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>GOAL</term>
+<listitem>
+<para>
+You will be able to view your system logs using &journalctl;.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>REQUIREMENTS</term>
+<listitem>
+<para>
+To fully view the system-wide logs such as kernel, system services, or other user logs using &journaltl; command-line tool, you must have
+&sudo; privileges.
+</para>
+<para>The &systemd-journald; service must be running as it collects the logs. </para>
+<para>For persistent logs across reboots, <filename>var/log/journal</filename> file must be available. Volatile logs are saved in <filename>/run/log/journal</filename></para>
+</listitem>
+</varlistentry>
+</variablelist>
+</abstract>
+</merge>
+<module renderas="section" resourceref="_journal_about_journald">
+<merge>
+<abstract>
+<para>
+You can view &systemd; logs using journalctl.</para>
+</abstract>
+</merge>
+</module> 
+<module resourceref="_legal"/>
+<module resourceref="_gfdl">
+<output renderas="appendix"/>
+</module>
+</structure>
 </assembly>
diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
new file mode 100644
index 000000000..1c2b50e64
--- /dev/null
+++ b/concepts/journal-about-journald.xml
@@ -0,0 +1,363 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="concept-about-journald"
+ role="concept" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>About journald</title>
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract>
+      <para>
+        systemd uses journald as its logging system. All system events are written to the journal, a system service managed by systemd-journald.service (journald).  This allows you to search and manage all system logs. It collects and stores logging data by maintaining structured indexed journals based on logging information received from the kernel, user processes, standard input, and system service errors.
+      </para>
+    </abstract>
+  </info>
+  <para>
+    The systemd-journald service is enabled by default.
+  </para>
+  <screen>&prompt.sudo; systemctl status systemd-journald
+systemd-journald.service - Journal Service
+   Loaded: loaded (/usr/lib/systemd/system/systemd-journald.service; static)
+   Active: active (running) since Tue 2025-10-21 00:00:00 CET; 21 min ago
+TriggeredBy: systemd-journald-audit.socket
+		 systemd-journald.socket
+             systemd-journald-audit.dev-log.socket
+     Docs: man:systemd-journald.service(8)
+           man:journald.conf(5)
+ Main PID: 624 (systemd-journal)
+    Tasks: 1
+ FD Store: 8 (limit:4224)
+	CPU:116ms
+   CGroup: /system.slice/systemd-journald.service
+           └─413 /usr/lib/systemd/systemd-journald
+[...]</screen>
+  <para>The journal records nearly every type of event generated on the system, including Kernel messages, Initrd (initial RAM disk) messages, Service startup/shutdown, Application events, and Authentication and session data.</para>
+  <para>Journal allows centralization and unification of logs from all sources, and it records events in structured manner which in turn helps identifying errors and in crash recovery. </para>
+  <para>journald collects log data from several sources simultaneously logs are then managed in a structured, binary format within files in /run/log/journal/ by default. Because the /run/ directory is volatile by nature, log data is lost at reboot. To make the log data persistent, create the directory /var/log/journal/ and make sure it has the correct access modes and ownership, so the systemd-journald service can store its data. To switch to persistent logging, execute the following commands:</para>
+  <para>Hence, all log data stored in <path>/run/log/journal/</path> are flushed into <path>/var/log/journal/</path>.<para>
+  <screen>sudo  mkdir /var/log/journal
+sudo  systemd-tmpfiles --create --prefix=/var/log/journal
+sudo  journalctl --flush</screen>
+  <section><title>Journal entry structure</title>
+  <para>Log entry in the journal is a data structure containing the log message and numerous metadata fields,  such as time stamp, source fields, systemd fields,  kernel fields, and priority level.</para>
+<itemizedlist><listitem><para>Timestamp: The exact time the event occurred.</para></listitem>
+<listitem><para>Source Fields</para>
+<itemizedlist>
+  <listitem><para>_PID: Process ID of the sender.</para></listitem>
+  <listitem><para>_UID/_GID: User/Group ID of the sender.</para></listitem>
+  <listitem><para>_EXE: Path to the executable.</para></listitem>
+  <listitem><para>_COMM: Name of the executable.</para></listitem>
+</itemizedlist>
+</listitem>
+<listitem><para>System Fields</para>
+<itemizedlist>
+  <listitem><para>_SYSTEMD_UNIT: The systemd unit (service) that generated the log (e.g., sshd.service).</para></listitem>
+  <listitem><para>_BOOT_ID: A unique identifier for the specific system boot session.</para></listitem>
+</itemizedlist>
+</listitem>
+<listitem><para>Kernel Fields</para>
+<itemizedlist>
+  <listitem><para>_TRANSPORT: How the message was logged (e.g., kernel, syslog, stdout).</para></listitem>
+</itemizedlist>
+</listitem><listitem><para>Priority level: A numeric value indicating the severity of the message (0=emerg, 7=debug).</para></listitem>
+</itemizedlist>
+</section>
+ <sect1 xml:id="sec-journalctl-usage">
+  <title><command>journalctl</command> usage</title>
+
+  <para>
+   Running the <command>journalctl</command> command without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
+  </para>
+<para>Listed below are the common  useful options to enhance the default <command>journalctl</command> behavior. All switches are described in the <command>journalctl</command> man page, man 1 <command>journalctl</command>. </para>
+  <tip>
+   <title>Messages related to a specific executable</title>
+   <para>
+    To show all journal messages related to a specific executable, specify the
+    full path to the executable:
+   </para>
+<screen>&prompt.sudo;journalctl /usr/lib/systemd/systemd</screen>
+  </tip>
+
+  <variablelist>
+   <varlistentry>
+    <term>-f</term>
+    <listitem>
+     <para>
+      Shows only the most recent journal messages, and prints new log entries
+      as they are added to the journal.
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term/>
+    <listitem>
+     <para>
+      Prints the messages and jumps to the end of the journal, so that the
+      latest entries are visible within the pager.
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term>-r</term>
+    <listitem>
+     <para>
+      Prints the messages of the journal in reverse order, so that the latest
+      entries are listed first.
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term>-k</term>
+    <listitem>
+     <para>
+      Shows only kernel messages. This is equivalent to the field match
+      <literal>_TRANSPORT=kernel</literal> (see
+      <xref linkend="sec-journalctl-filter-fields"/>).
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term>-u</term>
+    <listitem>
+     <para>
+      Shows only messages for the specified &systemd; unit. This is equivalent
+      to the field match
+      <literal>_SYSTEMD_UNIT=<replaceable>UNIT</replaceable></literal> (see
+      <xref linkend="sec-journalctl-filter-fields"/>).
+     </para>
+<screen>&prompt.sudo;journalctl -u apache2
+[...]
+Jun 03 10:07:11 pinkiepie systemd[1]: Starting The Apache Webserver...
+Jun 03 10:07:12 pinkiepie systemd[1]: Started The Apache Webserver.</screen>
+    </listitem>
+   </varlistentry>
+  </variablelist>
+  <para/>
+ </sect1>
+  <sect1 xml:id="sec-journalctl-filter">
+  <title>Filtering the journal output</title>
+
+  <para>
+   When called without switches, <command>journalctl</command> shows the full
+   content of the journal, the oldest entries listed first. The output can be
+   filtered by specific switches and fields.
+  </para>
+
+  <sect2 xml:id="sec-journalctl-filter-boot">
+   <title>Filtering based on a boot number</title>
+   <para>
+    <command>journalctl</command> can filter messages based on a specific
+    system boot. To list all available boots, run
+   </para>
+<screen>&prompt.sudo;journalctl --list-boots
+-1 097ed2cd99124a2391d2cffab1b566f0 Mon 2014-05-26 08:36:56 EDT—Fri 2014-05-30 05:33:44 EDT
+ 0 156019a44a774a0bb0148a92df4af81b Fri 2014-05-30 05:34:09 EDT—Fri 2014-05-30 06:15:01 EDT</screen>
+   <para>
+    The first column lists the boot offset: <literal>0</literal> for the
+    current boot, <literal>-1</literal> for the previous one,
+    <literal>-2</literal> for the one before that, etc. The second column
+    contains the boot ID followed by the limiting time stamps of the specific
+    boot.
+   </para>
+   <para>
+    Show all messages from the current boot:
+   </para>
+<screen>&prompt.sudo;journalctl -b</screen>
+   <para>
+    If you need to see journal messages from the previous boot, add an offset
+    parameter. The following example outputs the previous boot messages:
+   </para>
+<screen>&prompt.sudo;journalctl -b -1</screen>
+   <para>
+    Another way is to list boot messages based on the boot ID. For this
+    purpose, use the _BOOT_ID field:
+   </para>
+<screen>&prompt.sudo;journalctl _BOOT_ID=156019a44a774a0bb0148a92df4af81b</screen>
+  </sect2>
+
+  <sect2 xml:id="sec-journalctl-filter-time">
+   <title>Filtering based on time interval</title>
+   <para>
+    You can filter the output of <command>journalctl</command> by specifying the
+    starting and/or ending date. The date specification should be of the format
+    <literal>2014-06-30 9:17:16</literal>. If the time part is omitted, midnight
+    is assumed. If seconds are omitted, <literal>:00</literal> is assumed. If
+    the date part is omitted, the current day is assumed. Instead of numeric
+    expression, you can specify the keywords <literal>yesterday</literal>,
+    <literal>today</literal> or <literal>tomorrow</literal>. They refer to
+    midnight of the day before the current day, of the current day, or of the
+    day after the current day. If you specify <literal>now</literal>, it refers
+    to the current time. You can also specify relative times prefixed with
+    <literal>-</literal> or <literal>+</literal>, referring to times before or
+    after the current time.
+   </para>
+   <para>
+    Show only new messages since now, and update the output continuously:
+   </para>
+<screen>&prompt.sudo;journalctl --since "now" -f</screen>
+   <para>
+    Show all messages since last midnight till 3:20am:
+   </para>
+<screen>&prompt.sudo;journalctl --since "today" --until "3:20"</screen>
+  </sect2>
+
+  <sect2 xml:id="sec-journalctl-filter-fields">
+   <title>Filtering based on fields</title>
+   <para>
+    You can filter the output of the journal by specific fields. The syntax of
+    a field to be matched is <literal>FIELD_NAME=MATCHED_VALUE</literal>, such
+    as <literal>_SYSTEMD_UNIT=httpd.service</literal>. You can specify multiple
+    matches in a single query to filter the output messages even more. See
+    <command>man 7 systemd.journal-fields</command> for a list of default
+    fields.
+   </para>
+   <para>
+    Show messages produced by a specific process ID:
+   </para>
+<screen>&prompt.sudo;journalctl _PID=1039</screen>
+   <para>
+    Show messages belonging to a specific user ID:
+   </para>
+<screen># journalctl _UID=1000</screen>
+   <para>
+    Show messages from the kernel ring buffer (the same as
+    <command>dmesg</command> produces):
+   </para>
+<screen>&prompt.sudo;journalctl _TRANSPORT=kernel</screen>
+   <para>
+    Show messages from the service's standard or error output:
+   </para>
+<screen>&prompt.sudo;journalctl _TRANSPORT=stdout</screen>
+   <para>
+    Show messages produced by a specified service only:
+   </para>
+<screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service</screen>
+   <para>
+    If two different fields are specified, only entries that match both
+    expressions at the same time are shown:
+   </para>
+<screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1488</screen>
+   <para>
+    If two matches refer to the same field, all entries matching either
+    expression are shown:
+   </para>
+<screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</screen>
+   <para>
+    You can use the <literal>+</literal> separator to combine two expressions in
+    a logical <literal>OR</literal>. The following example shows all messages
+    from the Avahi service process with the process ID 1480 together with all
+    messages from the D-Bus service:
+   </para>
+<screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1480 + _SYSTEMD_UNIT=dbus.service</screen>
+  </sect2>
+   <sect1 xml:id="sec-journalctl-investigate">
+  <title>Investigating &systemd; errors</title>
+
+  <para>
+   This section introduces a simple example to illustrate how to find and fix
+   the error reported by &systemd; during <command>apache2</command> start-up.
+  </para>
+
+  <procedure>
+   <step>
+    <para>
+     Try to start the apache2 service:
+    </para>
+<screen># systemctl start apache2
+Job for apache2.service failed. See 'systemctl status apache2' and 'journalctl -xn' for details.</screen>
+   </step>
+   <step>
+    <para>
+     Let us see what the service's status says:
+    </para>
+<screen>&prompt.sudo;systemctl status apache2
+apache2.service - The Apache Webserver
+   Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)
+   Active: failed (Result: exit-code) since Tue 2014-06-03 11:08:13 CEST; 7min ago
+  Process: 11026 ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND \
+           -k graceful-stop (code=exited, status=1/FAILURE)</screen>
+    <para>
+     The ID of the process causing the failure is 11026.
+    </para>
+   </step>
+   <step>
+    <para>
+     Show the verbose version of messages related to process ID 11026:
+    </para>
+<screen>&prompt.sudo;journalctl -o verbose _PID=11026
+[...]
+MESSAGE=AH00526: Syntax error on line 6 of /etc/apache2/default-server.conf:
+[...]
+MESSAGE=Invalid command 'DocumenttRoot', perhaps misspelled or defined by a module
+[...]</screen>
+   </step>
+   <step>
+    <para>
+     Fix the typo inside <filename>/etc/apache2/default-server.conf</filename>,
+     start the apache2 service, and print its status:
+    </para>
+<screen>&prompt.sudo;systemctl start apache2 &amp;&amp; systemctl status apache2
+apache2.service - The Apache Webserver
+   Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)
+   Active: active (running) since Tue 2014-06-03 11:26:24 CEST; 4ms ago
+  Process: 11026 ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND
+           -k graceful-stop (code=exited, status=1/FAILURE)
+ Main PID: 11263 (httpd2-prefork)
+   Status: "Processing requests..."
+   CGroup: /system.slice/apache2.service
+           ├─11263 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           ├─11280 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           ├─11281 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           ├─11282 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           ├─11283 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           └─11285 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+</screen>
+   </step>
+  </procedure>
+ </sect1>
+ <section class="sect1" data-id-title="Journald configuration" id="sec-journalctl-config"><div class="titlepage"><div><div><div class="title-container"><h2 class="title"><span class="title-number-name"><span class="title-number">21.5 </span><span class="title-name">Journald configuration</span></span> <a class="permalink" href="cha-journalctl.html#sec-journalctl-config" title="Permalink">#</a></h2><div class="icons"><a class="icon-reportbug" target="_blank" title="Report an issue"> </a><a class="icon-editsource" href="https://github.com/SUSE/doc-sle/edit/main/xml/journalctl.xml" target="_blank" title="Edit source document"> </a></div></div></div></div></div><p>
+   The behavior of the systemd-journald service can be adjusted by modifying
+   <code class="filename">/etc/systemd/journald.conf</code>. This section introduces
+   only basic option settings. For a complete file description, see
+   <code class="command">man 5 journald.conf</code>. You need to restart the journal for
+   the changes to take effect with
+  </p><div class="verbatim-wrap"><pre class="screen"><code class="prompt user">&gt; </code><code class="command">sudo</code> systemctl restart systemd-journald</pre></div><section class="sect2" data-id-title="Changing the journal size limit" id="sec-journalctl-config-systemmaxuse"><div class="titlepage"><div><div><div class="title-container"><h3 class="title"><span class="title-number-name"><span class="title-number">21.5.1 </span><span class="title-name">Changing the journal size limit</span></span> <a class="permalink" href="cha-journalctl.html#sec-journalctl-config-systemmaxuse" title="Permalink">#</a></h3><div class="icons"><a class="icon-reportbug" target="_blank" title="Report an issue"> </a><a class="icon-editsource" href="https://github.com/SUSE/doc-sle/edit/main/xml/journalctl.xml" target="_blank" title="Edit source document"> </a></div></div></div></div></div><p>
+    If the journal log data is saved to a persistent location (see
+    <a class="xref" href="cha-journalctl.html#sec-journalctl-persistent" title="21.1. Making the journal persistent">Section 21.1, “Making the journal persistent”</a>), it uses up to 10% of the file
+    system the <code class="filename">/var/log/journal</code> resides on. For example,
+    if <code class="filename">/var/log/journal</code> is located on a 30 GB
+    <code class="filename">/var</code> partition, the journal may use up to 3 GB of
+    the disk space. To change this limit, change (and uncomment) the
+    <code class="option">SystemMaxUse</code> option:
+   </p><div class="verbatim-wrap"><pre class="screen">SystemMaxUse=50M</pre></div></section><section class="sect2" data-id-title="Forwarding the journal to /dev/ttyX" id="sec-journalctl-config-ttypath"><div class="titlepage"><div><div><div class="title-container"><h3 class="title"><span class="title-number-name"><span class="title-number">21.5.2 </span><span class="title-name">Forwarding the journal to <code class="filename">/dev/ttyX</code></span></span> <a class="permalink" href="cha-journalctl.html#sec-journalctl-config-ttypath" title="Permalink">#</a></h3><div class="icons"><a class="icon-reportbug" target="_blank" title="Report an issue"> </a><a class="icon-editsource" href="https://github.com/SUSE/doc-sle/edit/main/xml/journalctl.xml" target="_blank" title="Edit source document"> </a></div></div></div></div></div><p>
+    You can forward the journal to a terminal device to inform you about system
+    messages on a preferred terminal screen, for example,
+    <code class="literal">/dev/tty12</code>. Change the following journald options to
+   </p><div class="verbatim-wrap"><pre class="screen">ForwardToConsole=yes
+TTYPath=/dev/tty12</pre></div></section><section class="sect2" data-id-title="Forwarding the journal to syslog facility" id="sec-journalctl-config-forwardtosyslog"><div class="titlepage"><div><div><div class="title-container"><h3 class="title"><span class="title-number-name"><span class="title-number">21.5.3 </span><span class="title-name">Forwarding the journal to syslog facility</span></span> <a class="permalink" href="cha-journalctl.html#sec-journalctl-config-forwardtosyslog" title="Permalink">#</a></h3><div class="icons"><a class="icon-reportbug" target="_blank" title="Report an issue"> </a><a class="icon-editsource" href="https://github.com/SUSE/doc-sle/edit/main/xml/journalctl.xml" target="_blank" title="Edit source document"> </a></div></div></div></div></div><p>
+    Journald is backward compatible with traditional syslog implementations
+    such as <code class="systemitem">rsyslog</code>. Make sure the following is valid:
+   </p><div class="itemizedlist"><ul class="itemizedlist"><li class="listitem"><p>
+      rsyslog is installed.
+     </p><div class="verbatim-wrap"><pre class="screen"><code class="prompt user">&gt; </code><code class="command">sudo</code> rpm -q rsyslog
+rsyslog-7.4.8-2.16.x86_64</pre></div></li><li class="listitem"><p>
+      rsyslog service is enabled.
+     </p><div class="verbatim-wrap"><pre class="screen"><code class="prompt user">&gt; </code><code class="command">sudo</code> systemctl is-enabled rsyslog
+enabled</pre></div></li><li class="listitem"><p>
+      Forwarding to syslog is enabled in
+      <code class="filename">/etc/systemd/journald.conf</code>.
+     </p><div class="verbatim-wrap"><pre class="screen">ForwardToSyslog=yes</pre></div></li></ul></div></section>
+    </section>
+</topic>

From 71350c4912c3a606e5f68eb363a29a8b02a8e73a Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Mon, 24 Nov 2025 11:17:14 +0530
Subject: [PATCH 03/32] Updated.

---
 concepts/journal-about-journald.xml | 34 +----------------------------
 1 file changed, 1 insertion(+), 33 deletions(-)

diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index 1c2b50e64..5c4d0e605 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -327,37 +327,5 @@ apache2.service - The Apache Webserver
    </step>
   </procedure>
  </sect1>
- <section class="sect1" data-id-title="Journald configuration" id="sec-journalctl-config"><div class="titlepage"><div><div><div class="title-container"><h2 class="title"><span class="title-number-name"><span class="title-number">21.5 </span><span class="title-name">Journald configuration</span></span> <a class="permalink" href="cha-journalctl.html#sec-journalctl-config" title="Permalink">#</a></h2><div class="icons"><a class="icon-reportbug" target="_blank" title="Report an issue"> </a><a class="icon-editsource" href="https://github.com/SUSE/doc-sle/edit/main/xml/journalctl.xml" target="_blank" title="Edit source document"> </a></div></div></div></div></div><p>
-   The behavior of the systemd-journald service can be adjusted by modifying
-   <code class="filename">/etc/systemd/journald.conf</code>. This section introduces
-   only basic option settings. For a complete file description, see
-   <code class="command">man 5 journald.conf</code>. You need to restart the journal for
-   the changes to take effect with
-  </p><div class="verbatim-wrap"><pre class="screen"><code class="prompt user">&gt; </code><code class="command">sudo</code> systemctl restart systemd-journald</pre></div><section class="sect2" data-id-title="Changing the journal size limit" id="sec-journalctl-config-systemmaxuse"><div class="titlepage"><div><div><div class="title-container"><h3 class="title"><span class="title-number-name"><span class="title-number">21.5.1 </span><span class="title-name">Changing the journal size limit</span></span> <a class="permalink" href="cha-journalctl.html#sec-journalctl-config-systemmaxuse" title="Permalink">#</a></h3><div class="icons"><a class="icon-reportbug" target="_blank" title="Report an issue"> </a><a class="icon-editsource" href="https://github.com/SUSE/doc-sle/edit/main/xml/journalctl.xml" target="_blank" title="Edit source document"> </a></div></div></div></div></div><p>
-    If the journal log data is saved to a persistent location (see
-    <a class="xref" href="cha-journalctl.html#sec-journalctl-persistent" title="21.1. Making the journal persistent">Section 21.1, “Making the journal persistent”</a>), it uses up to 10% of the file
-    system the <code class="filename">/var/log/journal</code> resides on. For example,
-    if <code class="filename">/var/log/journal</code> is located on a 30 GB
-    <code class="filename">/var</code> partition, the journal may use up to 3 GB of
-    the disk space. To change this limit, change (and uncomment) the
-    <code class="option">SystemMaxUse</code> option:
-   </p><div class="verbatim-wrap"><pre class="screen">SystemMaxUse=50M</pre></div></section><section class="sect2" data-id-title="Forwarding the journal to /dev/ttyX" id="sec-journalctl-config-ttypath"><div class="titlepage"><div><div><div class="title-container"><h3 class="title"><span class="title-number-name"><span class="title-number">21.5.2 </span><span class="title-name">Forwarding the journal to <code class="filename">/dev/ttyX</code></span></span> <a class="permalink" href="cha-journalctl.html#sec-journalctl-config-ttypath" title="Permalink">#</a></h3><div class="icons"><a class="icon-reportbug" target="_blank" title="Report an issue"> </a><a class="icon-editsource" href="https://github.com/SUSE/doc-sle/edit/main/xml/journalctl.xml" target="_blank" title="Edit source document"> </a></div></div></div></div></div><p>
-    You can forward the journal to a terminal device to inform you about system
-    messages on a preferred terminal screen, for example,
-    <code class="literal">/dev/tty12</code>. Change the following journald options to
-   </p><div class="verbatim-wrap"><pre class="screen">ForwardToConsole=yes
-TTYPath=/dev/tty12</pre></div></section><section class="sect2" data-id-title="Forwarding the journal to syslog facility" id="sec-journalctl-config-forwardtosyslog"><div class="titlepage"><div><div><div class="title-container"><h3 class="title"><span class="title-number-name"><span class="title-number">21.5.3 </span><span class="title-name">Forwarding the journal to syslog facility</span></span> <a class="permalink" href="cha-journalctl.html#sec-journalctl-config-forwardtosyslog" title="Permalink">#</a></h3><div class="icons"><a class="icon-reportbug" target="_blank" title="Report an issue"> </a><a class="icon-editsource" href="https://github.com/SUSE/doc-sle/edit/main/xml/journalctl.xml" target="_blank" title="Edit source document"> </a></div></div></div></div></div><p>
-    Journald is backward compatible with traditional syslog implementations
-    such as <code class="systemitem">rsyslog</code>. Make sure the following is valid:
-   </p><div class="itemizedlist"><ul class="itemizedlist"><li class="listitem"><p>
-      rsyslog is installed.
-     </p><div class="verbatim-wrap"><pre class="screen"><code class="prompt user">&gt; </code><code class="command">sudo</code> rpm -q rsyslog
-rsyslog-7.4.8-2.16.x86_64</pre></div></li><li class="listitem"><p>
-      rsyslog service is enabled.
-     </p><div class="verbatim-wrap"><pre class="screen"><code class="prompt user">&gt; </code><code class="command">sudo</code> systemctl is-enabled rsyslog
-enabled</pre></div></li><li class="listitem"><p>
-      Forwarding to syslog is enabled in
-      <code class="filename">/etc/systemd/journald.conf</code>.
-     </p><div class="verbatim-wrap"><pre class="screen">ForwardToSyslog=yes</pre></div></li></ul></div></section>
-    </section>
+ 
 </topic>

From ab3205da6ea882f00371cef98266442467dfdfe9 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Mon, 24 Nov 2025 11:48:54 +0530
Subject: [PATCH 04/32] Fixed errors.

---
 articles/journalctl.asm.xml  |  7 ++--
 tasks/journald-configure.xml | 71 ++++++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 3 deletions(-)
 create mode 100644 tasks/journald-configure.xml

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index f0e22f723..e74e460c5 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -17,9 +17,9 @@ xmlns="http://docbook.org/ns/docbook">
 <!-- concepts -->
 <resource href="../concepts/journal-about-journald.xml" xml:id="_journal-about-journald"/> 
 <!-- glue -->
-<!-- tasks 
-<resource href="../tasks/cockpit-primary-servers.xml" xml:id="_cockpit-primary-servers"/> 
--->
+<!-- tasks--> 
+<resource href="../tasks/journald-configure.xml" xml:id="_journald-configure"/> 
+
 <!-- references
 <resource href="../references/cockpit-logs.xml" xml:id="_cockpit-logs-reference"/> 
 </resources>
@@ -141,6 +141,7 @@ To fully view the system-wide logs such as kernel, system services, or other use
 </abstract>
 </merge>
 <module renderas="section" resourceref="_journal_about_journald">
+<module renderas="section" resourceref="_journald_configure">
 <merge>
 <abstract>
 <para>
diff --git a/tasks/journald-configure.xml b/tasks/journald-configure.xml
new file mode 100644
index 000000000..9b00e086e
--- /dev/null
+++ b/tasks/journald-configure.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="journal-configure-journald"
+ role="task" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>Configuring journald</title><!-- can be changed via merge
+in the assembly -->
+    <!-- add author's e-mail -->
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract><!-- can be changed via merge in the assembly -->
+      <para>
+       The topic covers the basic configuration of journald. You can configure the basic behavior of systemd-journald service by modifying <filename>/etc/systemd/journald.conf</filename>. After making the changes, you must restart <filename>systemd-journald</filename>. For more information on file description, see <filename>man 5 journald.conf.</filename>.
+       </para>
+      </abstract>
+  </info>
+  <para>
+    To configure journald, proceed as follows:
+  </para>
+  <procedure>
+    <step>
+      <para>
+        To modify the storage type, modify <command>Storage=auto</command>. </para>
+          <para>The available options are: </para>
+          <itemizedlist>
+            <listitem><command>volatile</command>: RAM only (clears on reboot).</listitem>
+          <listitem><command>persistent</command>: stored in <filename>/var/log/journal</filename>.</listitem>
+        <listitem><command>auto</command>: persistent if directory exists, otherwise volatile.</listitem>
+        <listitem><command>none</command>: no logs written to disk or memory.</listitem>
+      </itemizedlist>
+     <para>If the journal log data is saved to a persistent location, it uses up to 10% of the file system the <filename>/var/log/journal</filename> resides on. For example, if <filename>/var/log/journal</filename> is located on a 30 GB /var partition, the journal may use up to 3 GB of the disk space. To change this limit, change (and uncomment) the <command>SystemMaxUse</command> option: 
+       </para><screen>SystemMaxUse=50M
+        systemctl restart systemd-journald
+      </screen>
+     </step>
+    <step>
+      <para>
+        To limit logs rate to prevent flooding logs:
+        </para>
+        <screen>RateLimitIntervalSec=30s
+RateLimitBurst=1000</screen>
+    </step>
+    <step>
+      <para>
+        To send the journal to a terminal device to inform you about system messages on a preferred terminal screen, for example <filename>/dev/tty12</filename>:
+       </para>
+       <screen>ForwardToConsole=yes
+TTYPath=/dev/tty12</screen>
+      </step>
+      <step>
+        <para>To forward logs to syslog, modify <command>ForwardToSyslog=yes</command>.Journald is backward compatible with traditional syslog implementations such as rsyslog.</para>
+      <itemizedlist>
+        <listitem><para>Install rsyslog</para><screen>rpm -q rsyslog</screen></listitem>
+        <listitem><para>Enable rsyslog</para><screen>systemctl is-enabled rsyslog</screen></listitem>
+        <listitem><para>Enable forwarding to rsyslog in  in <filename>/etc/systemd/journald.conf</filename></para><screen>ForwardToSyslog=yes</screen></listitem>
+      </itemizedlist>
+      </step>
+  </procedure>
+</topic>

From 29a9c4409924bbda455389b2ddfbe2578b3b83ae Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Mon, 24 Nov 2025 11:54:15 +0530
Subject: [PATCH 05/32] Fixed errors.

---
 tasks/systemd-journald-troubleshooting.xml | 86 ++++++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 tasks/systemd-journald-troubleshooting.xml

diff --git a/tasks/systemd-journald-troubleshooting.xml b/tasks/systemd-journald-troubleshooting.xml
new file mode 100644
index 000000000..4a25bfeb5
--- /dev/null
+++ b/tasks/systemd-journald-troubleshooting.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="cockpit-troubleshooting-selinux"
+ role="task" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>Troubleshooting &systemd; errors</title><!-- can be changed via merge
+in the assembly -->
+    <!-- add author's e-mail -->
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract><!-- can be changed via merge in the assembly -->
+     <para>
+   This section introduces a simple example to illustrate how to find and fix
+   the error reported by &systemd; during <command>apache2</command> start-up.
+  </para>
+    </abstract>
+  </info>
+<procedure>
+   <step>
+    <para>
+     Try to start the apache2 service:
+    </para>
+<screen># systemctl start apache2
+Job for apache2.service failed. See 'systemctl status apache2' and 'journalctl -xn' for details.</screen>
+   </step>
+   <step>
+    <para>
+     Let us see what the service's status says:
+    </para>
+<screen>&prompt.sudo;systemctl status apache2
+apache2.service - The Apache Webserver
+   Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)
+   Active: failed (Result: exit-code) since Tue 2014-06-03 11:08:13 CEST; 7min ago
+  Process: 11026 ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND \
+           -k graceful-stop (code=exited, status=1/FAILURE)</screen>
+    <para>
+     The ID of the process causing the failure is 11026.
+    </para>
+   </step>
+   <step>
+    <para>
+     Show the verbose version of messages related to process ID 11026:
+    </para>
+<screen>&prompt.sudo;journalctl -o verbose _PID=11026
+[...]
+MESSAGE=AH00526: Syntax error on line 6 of /etc/apache2/default-server.conf:
+[...]
+MESSAGE=Invalid command 'DocumenttRoot', perhaps misspelled or defined by a module
+[...]</screen>
+   </step>
+   <step>
+    <para>
+     Fix the typo inside <filename>/etc/apache2/default-server.conf</filename>,
+     start the apache2 service, and print its status:
+    </para>
+<screen>&prompt.sudo;systemctl start apache2 &amp;&amp; systemctl status apache2
+apache2.service - The Apache Webserver
+   Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)
+   Active: active (running) since Tue 2014-06-03 11:26:24 CEST; 4ms ago
+  Process: 11026 ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND
+           -k graceful-stop (code=exited, status=1/FAILURE)
+ Main PID: 11263 (httpd2-prefork)
+   Status: "Processing requests..."
+   CGroup: /system.slice/apache2.service
+           ├─11263 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           ├─11280 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           ├─11281 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           ├─11282 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           ├─11283 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           └─11285 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+</screen>
+   </step>
+  </procedure>
+</topic>

From 70e8f7ccdecc5467d3f217e45e2c7cb59397e064 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Mon, 24 Nov 2025 12:25:27 +0530
Subject: [PATCH 06/32] Fixed errors.

---
 tasks/systemd-journald-troubleshooting.xml | 31 +++++++++++++++++++---
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/tasks/systemd-journald-troubleshooting.xml b/tasks/systemd-journald-troubleshooting.xml
index 4a25bfeb5..a383e16c1 100644
--- a/tasks/systemd-journald-troubleshooting.xml
+++ b/tasks/systemd-journald-troubleshooting.xml
@@ -22,13 +22,35 @@ in the assembly -->
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract><!-- can be changed via merge in the assembly -->
      <para>
-   This section introduces a simple example to illustrate how to find and fix
-   the error reported by &systemd; during <command>apache2</command> start-up.
+   This section introduces ways to interpret and fix the log messages retrieved through <command>journalctl</command>.
   </para>
-    </abstract>
+      </abstract>
   </info>
+<procedure><step><para>Identify the severity and content of the error.The errors are marked with priority level:</para>
+<itemizedlist><listitem><para><guimenu>0-2</guimenu>: <command>emerg, alert, crit</command>: Critical issues, system collapse imminent.</para></listitem>
+  <listitem><para><guimenu>3</guimenu>: <command>err (Error)</command>: A service or application failed to complete a requested operation.</para></listitem>
+   <listitem><para><guimenu>4</guimenu>: <command>warning </command>: Something undesirable happened but is not an immediate failure.</para></listitem>
+ <listitem><para><guimenu>5-7</guimenu>: <command>notice, info, debug</command>: Normal operational information and developer diagnostics.</para></listitem></itemizedlist>
+</step></procedure>
+<step><para>Identify the failing unit using the following command:</para>
+<screen>journalctl -u <literal>failing_service_name</literal></screen>
+<para>The lines preceding the termination message includes information on the error.</para>
+<itemizedlist><listitem><para><guimenu>Exit Status</guimenu>: f a service stops, look for a message like Process xxx exited with status 1/FAILURE. A status of 0 is success. Any non-zero status indicates an error. </para></listitem>
+  <listitem><para><guimenu>Configuration Errors</guimenu>: Messages containing phrases like No such file or directory, Permission denied, or Address already in use usually point to a problem in the service's configuration file</para></listitem>
+   <listitem><para><guimenu>Out-of-Memory (OOM)</guimenu>: Out-of-Memory (OOM)</para></listitem>
+ </itemizedlist></step>
+<step><para>Use detailed views of logs to get detailed information on the error.</para>
+<screen>journalctl -xe</screen>
+<para>To view all messages from the Apache service during the current boot, with detailed explanations, run the following command:</para>
+<screen>journalctl -u httpd.service -b -xe</screen></step>
+<step><para></para></step>
+<section>
 <procedure>
-   <step>
+  <para>
+   This section introduces a simple example to illustrate how to find and fix
+   the error reported by &systemd; during <command>apache2</command> start-up.
+  </para>
+    <step>
     <para>
      Try to start the apache2 service:
     </para>
@@ -83,4 +105,5 @@ apache2.service - The Apache Webserver
 </screen>
    </step>
   </procedure>
+  </section>
 </topic>

From f7a11bf054503b4f2d6f0a88c39455214ecbde15 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Mon, 24 Nov 2025 12:28:40 +0530
Subject: [PATCH 07/32] Fixed errors.

---
 articles/journalctl.asm.xml         |  3 +-
 concepts/journal-about-journald.xml | 66 +----------------------------
 2 files changed, 3 insertions(+), 66 deletions(-)

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index e74e460c5..8daa4c5ee 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -19,7 +19,7 @@ xmlns="http://docbook.org/ns/docbook">
 <!-- glue -->
 <!-- tasks--> 
 <resource href="../tasks/journald-configure.xml" xml:id="_journald-configure"/> 
-
+<resource href="../tasks/systemd-journald-troubleshooting.xml" xml:id="_systemd-journald-troubleshooting"/> 
 <!-- references
 <resource href="../references/cockpit-logs.xml" xml:id="_cockpit-logs-reference"/> 
 </resources>
@@ -142,6 +142,7 @@ To fully view the system-wide logs such as kernel, system services, or other use
 </merge>
 <module renderas="section" resourceref="_journal_about_journald">
 <module renderas="section" resourceref="_journald_configure">
+<module renderas="section" resourceref="_systemd-journald-troubleshooting">
 <merge>
 <abstract>
 <para>
diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index 5c4d0e605..ac79bcb8f 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -262,70 +262,6 @@ Jun 03 10:07:12 pinkiepie systemd[1]: Started The Apache Webserver.</screen>
    </para>
 <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1480 + _SYSTEMD_UNIT=dbus.service</screen>
   </sect2>
-   <sect1 xml:id="sec-journalctl-investigate">
-  <title>Investigating &systemd; errors</title>
-
-  <para>
-   This section introduces a simple example to illustrate how to find and fix
-   the error reported by &systemd; during <command>apache2</command> start-up.
-  </para>
-
-  <procedure>
-   <step>
-    <para>
-     Try to start the apache2 service:
-    </para>
-<screen># systemctl start apache2
-Job for apache2.service failed. See 'systemctl status apache2' and 'journalctl -xn' for details.</screen>
-   </step>
-   <step>
-    <para>
-     Let us see what the service's status says:
-    </para>
-<screen>&prompt.sudo;systemctl status apache2
-apache2.service - The Apache Webserver
-   Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)
-   Active: failed (Result: exit-code) since Tue 2014-06-03 11:08:13 CEST; 7min ago
-  Process: 11026 ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND \
-           -k graceful-stop (code=exited, status=1/FAILURE)</screen>
-    <para>
-     The ID of the process causing the failure is 11026.
-    </para>
-   </step>
-   <step>
-    <para>
-     Show the verbose version of messages related to process ID 11026:
-    </para>
-<screen>&prompt.sudo;journalctl -o verbose _PID=11026
-[...]
-MESSAGE=AH00526: Syntax error on line 6 of /etc/apache2/default-server.conf:
-[...]
-MESSAGE=Invalid command 'DocumenttRoot', perhaps misspelled or defined by a module
-[...]</screen>
-   </step>
-   <step>
-    <para>
-     Fix the typo inside <filename>/etc/apache2/default-server.conf</filename>,
-     start the apache2 service, and print its status:
-    </para>
-<screen>&prompt.sudo;systemctl start apache2 &amp;&amp; systemctl status apache2
-apache2.service - The Apache Webserver
-   Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)
-   Active: active (running) since Tue 2014-06-03 11:26:24 CEST; 4ms ago
-  Process: 11026 ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND
-           -k graceful-stop (code=exited, status=1/FAILURE)
- Main PID: 11263 (httpd2-prefork)
-   Status: "Processing requests..."
-   CGroup: /system.slice/apache2.service
-           ├─11263 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
-           ├─11280 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
-           ├─11281 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
-           ├─11282 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
-           ├─11283 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
-           └─11285 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
-</screen>
-   </step>
-  </procedure>
- </sect1>
+   
  
 </topic>

From d6ed57d1d5473016e088f25348f29e4bee9ff797 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Mon, 24 Nov 2025 13:10:41 +0530
Subject: [PATCH 08/32] Fixed errors.

---
 articles/journalctl.asm.xml                | 39 +++++++--------
 concepts/journal-about-journald.xml        | 56 ++++++++--------------
 tasks/journald-configure.xml               |  8 ++--
 tasks/systemd-journald-troubleshooting.xml | 12 +++--
 4 files changed, 47 insertions(+), 68 deletions(-)

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index 8daa4c5ee..89e5060f7 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -22,8 +22,8 @@ xmlns="http://docbook.org/ns/docbook">
 <resource href="../tasks/systemd-journald-troubleshooting.xml" xml:id="_systemd-journald-troubleshooting"/> 
 <!-- references
 <resource href="../references/cockpit-logs.xml" xml:id="_cockpit-logs-reference"/> 
-</resources>
--->
+--></resources>
+
 <!-- Appendix -->
 <resources>
 <resource href="../common/legal.xml" xml:id="_legal">
@@ -33,11 +33,11 @@ xmlns="http://docbook.org/ns/docbook">
 <description>GNU Free Documentation License</description>
 </resource>
 </resources>
-<structure renderas="article" xml:id="sles-journalctl">
+<structure renderas="article" xml:id="sles-journald">
 <merge>
-<title>Viewing logs using &journalctl;</title>
+<title>Viewing logs using <command>journalctl</command></title>
 <!-- History -->
-<revhistory xml:id="rh-sles-cockpit">
+<revhistory xml:id="rh-sles-journald">
 <revision><date>2025-09-10</date>
 <revdescription>
 <para>
@@ -62,11 +62,11 @@ Initial version
 <productname version="16.0">&sleha;</productname> 
 </meta>
 <!-- Social Media -->
-<meta name="title">View logs using &journalctl;</meta>
+<meta name="title">View logs using <command>journalctl</command></meta>
 <meta name="description">
-How to view and manage &productnameshort; logs using &journalctl;</meta>
+How to view and manage &productnameshort; logs using <command>journalctl</command></meta>
 <!-- Search -->
-<meta name="social-descr">View &productnameshort; logs using &journalctl;</meta>
+<meta name="social-descr">View &productnameshort; logs using <command>journalctl</command></meta>
 <!-- Task -->
 <meta name="task" its:translate="no">
 <phrase>Configuration</phrase>
@@ -97,7 +97,7 @@ How to view and manage &productnameshort; logs using &journalctl;</meta>
 <term>WHAT?</term>
 <listitem>
 <para>
-You can view and analyze logs from &systemd-journald; using the &journalctl; command-line tool.
+You can view and analyze logs from <command>systemd-journald</command> using the <command>journalctl</command> command-line tool.
 </para>
 </listitem>
 </varlistentry>
@@ -106,7 +106,7 @@ You can view and analyze logs from &systemd-journald; using the &journalctl; com
 <listitem>
 <para>
 This article is intended to provide a complete overview of
-tasks that can be performed using the &journalctl; command-line tool.
+tasks that can be performed using the <command>journalctl</command> command-line tool.
 </para>
 </listitem>
 </varlistentry>
@@ -122,7 +122,7 @@ The average reading time of this article is approximately 30 minutes.
 <term>GOAL</term>
 <listitem>
 <para>
-You will be able to view your system logs using &journalctl;.
+You will be able to view your system logs using <command>journalctl</command>.
 </para>
 </listitem>
 </varlistentry>
@@ -130,26 +130,19 @@ You will be able to view your system logs using &journalctl;.
 <term>REQUIREMENTS</term>
 <listitem>
 <para>
-To fully view the system-wide logs such as kernel, system services, or other user logs using &journaltl; command-line tool, you must have
+To fully view the system-wide logs such as kernel, system services, or other user logs using <command>journalctl</command> command-line tool, you must have
 &sudo; privileges.
 </para>
-<para>The &systemd-journald; service must be running as it collects the logs. </para>
+<para>The <command>systemd-journald</command> service must be running as it collects the logs. </para>
 <para>For persistent logs across reboots, <filename>var/log/journal</filename> file must be available. Volatile logs are saved in <filename>/run/log/journal</filename></para>
 </listitem>
 </varlistentry>
 </variablelist>
 </abstract>
 </merge>
-<module renderas="section" resourceref="_journal_about_journald">
-<module renderas="section" resourceref="_journald_configure">
-<module renderas="section" resourceref="_systemd-journald-troubleshooting">
-<merge>
-<abstract>
-<para>
-You can view &systemd; logs using journalctl.</para>
-</abstract>
-</merge>
-</module> 
+<module renderas="section" resourceref="_journal-about-journald"/>
+<module renderas="section" resourceref="_journald-configure"/>
+<module renderas="section" resourceref="_systemd-journald-troubleshooting"/>
 <module resourceref="_legal"/>
 <module resourceref="_gfdl">
 <output renderas="appendix"/>
diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index ac79bcb8f..01b5b75f1 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -25,32 +25,16 @@
     </abstract>
   </info>
   <para>
-    The systemd-journald service is enabled by default.
+    The <command>systemd-journald</command> service is enabled by default.
   </para>
-  <screen>&prompt.sudo; systemctl status systemd-journald
-systemd-journald.service - Journal Service
-   Loaded: loaded (/usr/lib/systemd/system/systemd-journald.service; static)
-   Active: active (running) since Tue 2025-10-21 00:00:00 CET; 21 min ago
-TriggeredBy: systemd-journald-audit.socket
-		 systemd-journald.socket
-             systemd-journald-audit.dev-log.socket
-     Docs: man:systemd-journald.service(8)
-           man:journald.conf(5)
- Main PID: 624 (systemd-journal)
-    Tasks: 1
- FD Store: 8 (limit:4224)
-	CPU:116ms
-   CGroup: /system.slice/systemd-journald.service
-           └─413 /usr/lib/systemd/systemd-journald
-[...]</screen>
-  <para>The journal records nearly every type of event generated on the system, including Kernel messages, Initrd (initial RAM disk) messages, Service startup/shutdown, Application events, and Authentication and session data.</para>
-  <para>Journal allows centralization and unification of logs from all sources, and it records events in structured manner which in turn helps identifying errors and in crash recovery. </para>
-  <para>journald collects log data from several sources simultaneously logs are then managed in a structured, binary format within files in /run/log/journal/ by default. Because the /run/ directory is volatile by nature, log data is lost at reboot. To make the log data persistent, create the directory /var/log/journal/ and make sure it has the correct access modes and ownership, so the systemd-journald service can store its data. To switch to persistent logging, execute the following commands:</para>
-  <para>Hence, all log data stored in <path>/run/log/journal/</path> are flushed into <path>/var/log/journal/</path>.<para>
-  <screen>sudo  mkdir /var/log/journal
+  <para>The journal records nearly every type of event generated on the system, including Kernel messages, Initrd (initial RAM disk) messages, Service startup/shutdown, Application events, and Authentication and session data. Journal allows centralization and unification of logs from all sources, and it records events in structured manner which in turn helps identifying errors and in crash recovery.</para>
+  <para>The <command>journald</command> command collects log data from several sources simultaneously logs are then managed in a structured, binary format within files in <filename>/run/log/journal/</filename> by default. Because the <filename>/run/ directory</filename> is volatile by nature, log data is lost at reboot. To make the log data persistent, create the directory <filename>/var/log/journal/</filename> and make sure it has the correct access modes and ownership, so the <command>systemd-journald</command> service can store its data. To switch to persistent logging, execute the following commands:</para>
+  <screen>&prompt.sudo;  mkdir /var/log/journal
 sudo  systemd-tmpfiles --create --prefix=/var/log/journal
 sudo  journalctl --flush</screen>
-  <section><title>Journal entry structure</title>
+<para>All log data stored in <filename>/run/log/journal/</filename> are flushed into <filename>/var/log/journal/</filename>.</para>
+  <section>
+   <title>Journal entry structure</title>
   <para>Log entry in the journal is a data structure containing the log message and numerous metadata fields,  such as time stamp, source fields, systemd fields,  kernel fields, and priority level.</para>
 <itemizedlist><listitem><para>Timestamp: The exact time the event occurred.</para></listitem>
 <listitem><para>Source Fields</para>
@@ -74,11 +58,11 @@ sudo  journalctl --flush</screen>
 </listitem><listitem><para>Priority level: A numeric value indicating the severity of the message (0=emerg, 7=debug).</para></listitem>
 </itemizedlist>
 </section>
- <sect1 xml:id="sec-journalctl-usage">
+ <section xml:id="sec-journalctl-usage">
   <title><command>journalctl</command> usage</title>
 
   <para>
-   Running the <command>journalctl</command> command without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
+   Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
   </para>
 <para>Listed below are the common  useful options to enhance the default <command>journalctl</command> behavior. All switches are described in the <command>journalctl</command> man page, man 1 <command>journalctl</command>. </para>
   <tip>
@@ -145,8 +129,8 @@ Jun 03 10:07:12 pinkiepie systemd[1]: Started The Apache Webserver.</screen>
    </varlistentry>
   </variablelist>
   <para/>
- </sect1>
-  <sect1 xml:id="sec-journalctl-filter">
+</section>
+  <section xml:id="sec-journalctl-filter">
   <title>Filtering the journal output</title>
 
   <para>
@@ -155,7 +139,7 @@ Jun 03 10:07:12 pinkiepie systemd[1]: Started The Apache Webserver.</screen>
    filtered by specific switches and fields.
   </para>
 
-  <sect2 xml:id="sec-journalctl-filter-boot">
+  <section xml:id="sec-journalctl-filter-boot">
    <title>Filtering based on a boot number</title>
    <para>
     <command>journalctl</command> can filter messages based on a specific
@@ -185,9 +169,9 @@ Jun 03 10:07:12 pinkiepie systemd[1]: Started The Apache Webserver.</screen>
     purpose, use the _BOOT_ID field:
    </para>
 <screen>&prompt.sudo;journalctl _BOOT_ID=156019a44a774a0bb0148a92df4af81b</screen>
-  </sect2>
+  </section>
 
-  <sect2 xml:id="sec-journalctl-filter-time">
+  <section xml:id="sec-journalctl-filter-time">
    <title>Filtering based on time interval</title>
    <para>
     You can filter the output of <command>journalctl</command> by specifying the
@@ -211,9 +195,8 @@ Jun 03 10:07:12 pinkiepie systemd[1]: Started The Apache Webserver.</screen>
     Show all messages since last midnight till 3:20am:
    </para>
 <screen>&prompt.sudo;journalctl --since "today" --until "3:20"</screen>
-  </sect2>
-
-  <sect2 xml:id="sec-journalctl-filter-fields">
+  </section>
+  <section xml:id="sec-journalctl-filter-fields">
    <title>Filtering based on fields</title>
    <para>
     You can filter the output of the journal by specific fields. The syntax of
@@ -233,7 +216,7 @@ Jun 03 10:07:12 pinkiepie systemd[1]: Started The Apache Webserver.</screen>
 <screen># journalctl _UID=1000</screen>
    <para>
     Show messages from the kernel ring buffer (the same as
-    <command>dmesg</command> produces):
+    <command>dmesg</command> displays):
    </para>
 <screen>&prompt.sudo;journalctl _TRANSPORT=kernel</screen>
    <para>
@@ -261,7 +244,6 @@ Jun 03 10:07:12 pinkiepie systemd[1]: Started The Apache Webserver.</screen>
     messages from the D-Bus service:
    </para>
 <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1480 + _SYSTEMD_UNIT=dbus.service</screen>
-  </sect2>
-   
- 
+  </section> 
+</section>
 </topic>
diff --git a/tasks/journald-configure.xml b/tasks/journald-configure.xml
index 9b00e086e..4e7bb0f8b 100644
--- a/tasks/journald-configure.xml
+++ b/tasks/journald-configure.xml
@@ -35,10 +35,10 @@ in the assembly -->
         To modify the storage type, modify <command>Storage=auto</command>. </para>
           <para>The available options are: </para>
           <itemizedlist>
-            <listitem><command>volatile</command>: RAM only (clears on reboot).</listitem>
-          <listitem><command>persistent</command>: stored in <filename>/var/log/journal</filename>.</listitem>
-        <listitem><command>auto</command>: persistent if directory exists, otherwise volatile.</listitem>
-        <listitem><command>none</command>: no logs written to disk or memory.</listitem>
+            <listitem><para><guimenu>volatile</guimenu>: RAM only (clears on reboot).</para></listitem>
+          <listitem><para><guimenu>persistent</guimenu>: stored in <filename>/var/log/journal</filename>.</para></listitem>
+        <listitem><para><guimenu>auto</guimenu>: persistent if directory exists, otherwise volatile.</para></listitem>
+        <listitem><para><guimenu>none</guimenu>: no logs written to disk or memory.</para></listitem>
       </itemizedlist>
      <para>If the journal log data is saved to a persistent location, it uses up to 10% of the file system the <filename>/var/log/journal</filename> resides on. For example, if <filename>/var/log/journal</filename> is located on a 30 GB /var partition, the journal may use up to 3 GB of the disk space. To change this limit, change (and uncomment) the <command>SystemMaxUse</command> option: 
        </para><screen>SystemMaxUse=50M
diff --git a/tasks/systemd-journald-troubleshooting.xml b/tasks/systemd-journald-troubleshooting.xml
index a383e16c1..03de90670 100644
--- a/tasks/systemd-journald-troubleshooting.xml
+++ b/tasks/systemd-journald-troubleshooting.xml
@@ -26,14 +26,16 @@ in the assembly -->
   </para>
       </abstract>
   </info>
-<procedure><step><para>Identify the severity and content of the error.The errors are marked with priority level:</para>
+<procedure>
+  <title>Troubleshoot <command>journalctl</command> errors</title>
+  <step><para>Identify the severity and content of the error.The errors are marked with priority level:</para>
 <itemizedlist><listitem><para><guimenu>0-2</guimenu>: <command>emerg, alert, crit</command>: Critical issues, system collapse imminent.</para></listitem>
   <listitem><para><guimenu>3</guimenu>: <command>err (Error)</command>: A service or application failed to complete a requested operation.</para></listitem>
    <listitem><para><guimenu>4</guimenu>: <command>warning </command>: Something undesirable happened but is not an immediate failure.</para></listitem>
  <listitem><para><guimenu>5-7</guimenu>: <command>notice, info, debug</command>: Normal operational information and developer diagnostics.</para></listitem></itemizedlist>
-</step></procedure>
+</step>
 <step><para>Identify the failing unit using the following command:</para>
-<screen>journalctl -u <literal>failing_service_name</literal></screen>
+<screen>journalctl -u &lt;failing_service_name&gt;</screen>
 <para>The lines preceding the termination message includes information on the error.</para>
 <itemizedlist><listitem><para><guimenu>Exit Status</guimenu>: f a service stops, look for a message like Process xxx exited with status 1/FAILURE. A status of 0 is success. Any non-zero status indicates an error. </para></listitem>
   <listitem><para><guimenu>Configuration Errors</guimenu>: Messages containing phrases like No such file or directory, Permission denied, or Address already in use usually point to a problem in the service's configuration file</para></listitem>
@@ -44,9 +46,11 @@ in the assembly -->
 <para>To view all messages from the Apache service during the current boot, with detailed explanations, run the following command:</para>
 <screen>journalctl -u httpd.service -b -xe</screen></step>
 <step><para></para></step>
+</procedure>
 <section>
+  <title>Troubleshoot apache error</title>
 <procedure>
-  <para>
+    <para>
    This section introduces a simple example to illustrate how to find and fix
    the error reported by &systemd; during <command>apache2</command> start-up.
   </para>

From 069b734d2ee061a7ec5dfd3fef313369dd0f1f82 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Mon, 24 Nov 2025 13:16:50 +0530
Subject: [PATCH 09/32] Fixed errors.

---
 concepts/journal-about-journald.xml        | 2 +-
 tasks/journald-configure.xml               | 7 ++++---
 tasks/systemd-journald-troubleshooting.xml | 3 +--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index 01b5b75f1..657ef3613 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -20,7 +20,7 @@
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract>
       <para>
-        systemd uses journald as its logging system. All system events are written to the journal, a system service managed by systemd-journald.service (journald).  This allows you to search and manage all system logs. It collects and stores logging data by maintaining structured indexed journals based on logging information received from the kernel, user processes, standard input, and system service errors.
+        <command>systemd</command> uses <command>journald</command> as its logging system. All system events are written to the journal, a system service managed by <command>systemd-journald</command> service.  This allows you to search and manage all system logs. It collects and stores logging data by maintaining structured indexed journals based on logging information received from the kernel, user processes, standard input, and system service errors.
       </para>
     </abstract>
   </info>
diff --git a/tasks/journald-configure.xml b/tasks/journald-configure.xml
index 4e7bb0f8b..f79f54626 100644
--- a/tasks/journald-configure.xml
+++ b/tasks/journald-configure.xml
@@ -22,7 +22,7 @@ in the assembly -->
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract><!-- can be changed via merge in the assembly -->
       <para>
-       The topic covers the basic configuration of journald. You can configure the basic behavior of systemd-journald service by modifying <filename>/etc/systemd/journald.conf</filename>. After making the changes, you must restart <filename>systemd-journald</filename>. For more information on file description, see <filename>man 5 journald.conf.</filename>.
+       The topic covers the basic configuration of journald. You can configure the basic behavior of <command>systemd-journald</command> service by modifying <filename>/etc/systemd/journald.conf</filename>. After making the changes, you must restart <filename>systemd-journald</filename>. For more information on file description, see <filename>man 5 journald.conf.</filename>.
        </para>
       </abstract>
   </info>
@@ -41,8 +41,9 @@ in the assembly -->
         <listitem><para><guimenu>none</guimenu>: no logs written to disk or memory.</para></listitem>
       </itemizedlist>
      <para>If the journal log data is saved to a persistent location, it uses up to 10% of the file system the <filename>/var/log/journal</filename> resides on. For example, if <filename>/var/log/journal</filename> is located on a 30 GB /var partition, the journal may use up to 3 GB of the disk space. To change this limit, change (and uncomment) the <command>SystemMaxUse</command> option: 
-       </para><screen>SystemMaxUse=50M
-        systemctl restart systemd-journald
+       </para>
+       <screen>SystemMaxUse=50M
+systemctl restart systemd-journald
       </screen>
      </step>
     <step>
diff --git a/tasks/systemd-journald-troubleshooting.xml b/tasks/systemd-journald-troubleshooting.xml
index 03de90670..947dbad35 100644
--- a/tasks/systemd-journald-troubleshooting.xml
+++ b/tasks/systemd-journald-troubleshooting.xml
@@ -45,10 +45,9 @@ in the assembly -->
 <screen>journalctl -xe</screen>
 <para>To view all messages from the Apache service during the current boot, with detailed explanations, run the following command:</para>
 <screen>journalctl -u httpd.service -b -xe</screen></step>
-<step><para></para></step>
 </procedure>
 <section>
-  <title>Troubleshoot apache error</title>
+  <title>Troubleshoot apache2 error</title>
 <procedure>
     <para>
    This section introduces a simple example to illustrate how to find and fix

From 54375550203a4553032351b760992f06b132e551 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Mon, 24 Nov 2025 13:18:22 +0530
Subject: [PATCH 10/32] Fixed errors.

---
 articles/journalctl.asm.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index 89e5060f7..fc4150374 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -35,7 +35,7 @@ xmlns="http://docbook.org/ns/docbook">
 </resources>
 <structure renderas="article" xml:id="sles-journald">
 <merge>
-<title>Viewing logs using <command>journalctl</command></title>
+<title>Viewing <command>systemd-journald</command> logs using <command>journalctl</command></title>
 <!-- History -->
 <revhistory xml:id="rh-sles-journald">
 <revision><date>2025-09-10</date>

From acd67209457cf1d083e4be106e396c1e4d50d1ad Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Mon, 24 Nov 2025 13:20:05 +0530
Subject: [PATCH 11/32] Fixed errors.

---
 concepts/journal-about-journald.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index 657ef3613..ce899b771 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -30,8 +30,8 @@
   <para>The journal records nearly every type of event generated on the system, including Kernel messages, Initrd (initial RAM disk) messages, Service startup/shutdown, Application events, and Authentication and session data. Journal allows centralization and unification of logs from all sources, and it records events in structured manner which in turn helps identifying errors and in crash recovery.</para>
   <para>The <command>journald</command> command collects log data from several sources simultaneously logs are then managed in a structured, binary format within files in <filename>/run/log/journal/</filename> by default. Because the <filename>/run/ directory</filename> is volatile by nature, log data is lost at reboot. To make the log data persistent, create the directory <filename>/var/log/journal/</filename> and make sure it has the correct access modes and ownership, so the <command>systemd-journald</command> service can store its data. To switch to persistent logging, execute the following commands:</para>
   <screen>&prompt.sudo;  mkdir /var/log/journal
-sudo  systemd-tmpfiles --create --prefix=/var/log/journal
-sudo  journalctl --flush</screen>
+&prompt.sudo;  systemd-tmpfiles --create --prefix=/var/log/journal
+&prompt.sudo;  journalctl --flush</screen>
 <para>All log data stored in <filename>/run/log/journal/</filename> are flushed into <filename>/var/log/journal/</filename>.</para>
   <section>
    <title>Journal entry structure</title>

From 1f6a9879772a5b61bcb3b803ef7dd7336232fd17 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Mon, 24 Nov 2025 13:22:07 +0530
Subject: [PATCH 12/32] Fixed errors.

---
 concepts/journal-about-journald.xml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index ce899b771..d095540a6 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -121,10 +121,7 @@
       <literal>_SYSTEMD_UNIT=<replaceable>UNIT</replaceable></literal> (see
       <xref linkend="sec-journalctl-filter-fields"/>).
      </para>
-<screen>&prompt.sudo;journalctl -u apache2
-[...]
-Jun 03 10:07:11 pinkiepie systemd[1]: Starting The Apache Webserver...
-Jun 03 10:07:12 pinkiepie systemd[1]: Started The Apache Webserver.</screen>
+<screen>&prompt.sudo;journalctl -u apache2</screen>
     </listitem>
    </varlistentry>
   </variablelist>

From c8d1128e9d8b803160fba16962e097648e497d38 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Mon, 24 Nov 2025 13:26:49 +0530
Subject: [PATCH 13/32] Fixed errors.

---
 concepts/journal-about-journald.xml        | 6 ++----
 tasks/systemd-journald-troubleshooting.xml | 4 ++--
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index d095540a6..16706236a 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -142,9 +142,7 @@
     <command>journalctl</command> can filter messages based on a specific
     system boot. To list all available boots, run
    </para>
-<screen>&prompt.sudo;journalctl --list-boots
--1 097ed2cd99124a2391d2cffab1b566f0 Mon 2014-05-26 08:36:56 EDT—Fri 2014-05-30 05:33:44 EDT
- 0 156019a44a774a0bb0148a92df4af81b Fri 2014-05-30 05:34:09 EDT—Fri 2014-05-30 06:15:01 EDT</screen>
+<screen>&prompt.sudo;journalctl --list-boots</screen>
    <para>
     The first column lists the boot offset: <literal>0</literal> for the
     current boot, <literal>-1</literal> for the previous one,
@@ -173,7 +171,7 @@
    <para>
     You can filter the output of <command>journalctl</command> by specifying the
     starting and/or ending date. The date specification should be of the format
-    <literal>2014-06-30 9:17:16</literal>. If the time part is omitted, midnight
+    <literal>2025-06-30 9:17:16</literal>. If the time part is omitted, midnight
     is assumed. If seconds are omitted, <literal>:00</literal> is assumed. If
     the date part is omitted, the current day is assumed. Instead of numeric
     expression, you can specify the keywords <literal>yesterday</literal>,
diff --git a/tasks/systemd-journald-troubleshooting.xml b/tasks/systemd-journald-troubleshooting.xml
index 947dbad35..ff0b47542 100644
--- a/tasks/systemd-journald-troubleshooting.xml
+++ b/tasks/systemd-journald-troubleshooting.xml
@@ -67,7 +67,7 @@ Job for apache2.service failed. See 'systemctl status apache2' and 'journalctl -
 <screen>&prompt.sudo;systemctl status apache2
 apache2.service - The Apache Webserver
    Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)
-   Active: failed (Result: exit-code) since Tue 2014-06-03 11:08:13 CEST; 7min ago
+   Active: failed (Result: exit-code) since Tue 2025-09-03 11:08:13 EDT; 7min ago
   Process: 11026 ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND \
            -k graceful-stop (code=exited, status=1/FAILURE)</screen>
     <para>
@@ -93,7 +93,7 @@ MESSAGE=Invalid command 'DocumenttRoot', perhaps misspelled or defined by a modu
 <screen>&prompt.sudo;systemctl start apache2 &amp;&amp; systemctl status apache2
 apache2.service - The Apache Webserver
    Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)
-   Active: active (running) since Tue 2014-06-03 11:26:24 CEST; 4ms ago
+   Active: active (running) since Tue 2025-09-03 11:26:24 EDT; 4ms ago
   Process: 11026 ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND
            -k graceful-stop (code=exited, status=1/FAILURE)
  Main PID: 11263 (httpd2-prefork)

From df14ed14861d6cec60d132c2b63b2b8faf51f46f Mon Sep 17 00:00:00 2001
From: Shalaka Harne <135588263+harneshalaka@users.noreply.github.com>
Date: Wed, 26 Nov 2025 18:26:18 +0530
Subject: [PATCH 14/32] Apply suggestions from code review

Co-authored-by: lvicoun <JSindelarova@suse.com>
---
 articles/journalctl.asm.xml         | 2 +-
 concepts/journal-about-journald.xml | 4 ++--
 tasks/journald-configure.xml        | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index fc4150374..1455da048 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -35,7 +35,7 @@ xmlns="http://docbook.org/ns/docbook">
 </resources>
 <structure renderas="article" xml:id="sles-journald">
 <merge>
-<title>Viewing <command>systemd-journald</command> logs using <command>journalctl</command></title>
+<title>Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></title>
 <!-- History -->
 <revhistory xml:id="rh-sles-journald">
 <revision><date>2025-09-10</date>
diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index 16706236a..566e38688 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -35,7 +35,7 @@
 <para>All log data stored in <filename>/run/log/journal/</filename> are flushed into <filename>/var/log/journal/</filename>.</para>
   <section>
    <title>Journal entry structure</title>
-  <para>Log entry in the journal is a data structure containing the log message and numerous metadata fields,  such as time stamp, source fields, systemd fields,  kernel fields, and priority level.</para>
+  <para>Log entry in the journal is a data structure containing the log message and  metadata fields:</para>
 <itemizedlist><listitem><para>Timestamp: The exact time the event occurred.</para></listitem>
 <listitem><para>Source Fields</para>
 <itemizedlist>
@@ -131,7 +131,7 @@
   <title>Filtering the journal output</title>
 
   <para>
-   When called without switches, <command>journalctl</command> shows the full
+   This section describes how to refine the search in logs according to boot numbers, for specific time interval or to view specific data fields.
    content of the journal, the oldest entries listed first. The output can be
    filtered by specific switches and fields.
   </para>
diff --git a/tasks/journald-configure.xml b/tasks/journald-configure.xml
index f79f54626..0c82daddf 100644
--- a/tasks/journald-configure.xml
+++ b/tasks/journald-configure.xml
@@ -22,7 +22,7 @@ in the assembly -->
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract><!-- can be changed via merge in the assembly -->
       <para>
-       The topic covers the basic configuration of journald. You can configure the basic behavior of <command>systemd-journald</command> service by modifying <filename>/etc/systemd/journald.conf</filename>. After making the changes, you must restart <filename>systemd-journald</filename>. For more information on file description, see <filename>man 5 journald.conf.</filename>.
+        You can configure the basic behavior of <command>systemd-journald</command> service by modifying <filename>/etc/systemd/journald.conf</filename>. After making the changes, you must restart <filename>systemd-journald</filename>. .
        </para>
       </abstract>
   </info>

From a8351fcabf12717347ebcfccbad65a71c02c7e1f Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Wed, 26 Nov 2025 18:58:17 +0530
Subject: [PATCH 15/32] Fixed editorial comments.

---
 articles/journalctl.asm.xml | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index 1455da048..a5cf42738 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -38,7 +38,7 @@ xmlns="http://docbook.org/ns/docbook">
 <title>Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></title>
 <!-- History -->
 <revhistory xml:id="rh-sles-journald">
-<revision><date>2025-09-10</date>
+<revision><date>2025-11-26</date>
 <revdescription>
 <para>
 Initial version
@@ -62,11 +62,11 @@ Initial version
 <productname version="16.0">&sleha;</productname> 
 </meta>
 <!-- Social Media -->
-<meta name="title">View logs using <command>journalctl</command></meta>
+<meta name="title">Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></meta>
 <meta name="description">
 How to view and manage &productnameshort; logs using <command>journalctl</command></meta>
 <!-- Search -->
-<meta name="social-descr">View &productnameshort; logs using <command>journalctl</command></meta>
+<meta name="social-descr">Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></meta>
 <!-- Task -->
 <meta name="task" its:translate="no">
 <phrase>Configuration</phrase>
@@ -105,8 +105,7 @@ You can view and analyze logs from <command>systemd-journald</command> using the
 <term>WHY?</term>
 <listitem>
 <para>
-This article is intended to provide a complete overview of
-tasks that can be performed using the <command>journalctl</command> command-line tool.
+This article is intended to provide a complete overview of tasks that can be performed using the <command>journalctl</command> command-line tool.
 </para>
 </listitem>
 </varlistentry>
@@ -130,11 +129,8 @@ You will be able to view your system logs using <command>journalctl</command>.
 <term>REQUIREMENTS</term>
 <listitem>
 <para>
-To fully view the system-wide logs such as kernel, system services, or other user logs using <command>journalctl</command> command-line tool, you must have
-&sudo; privileges.
+You must have &sudo; privileges.
 </para>
-<para>The <command>systemd-journald</command> service must be running as it collects the logs. </para>
-<para>For persistent logs across reboots, <filename>var/log/journal</filename> file must be available. Volatile logs are saved in <filename>/run/log/journal</filename></para>
 </listitem>
 </varlistentry>
 </variablelist>

From ab0a086c3ddad22eb55694c9108f20571735e7e4 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Thu, 27 Nov 2025 11:32:43 +0530
Subject: [PATCH 16/32] Updated.

---
 concepts/journal-about-journald.xml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index 566e38688..bfa73032c 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -20,14 +20,13 @@
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract>
       <para>
-        <command>systemd</command> uses <command>journald</command> as its logging system. All system events are written to the journal, a system service managed by <command>systemd-journald</command> service.  This allows you to search and manage all system logs. It collects and stores logging data by maintaining structured indexed journals based on logging information received from the kernel, user processes, standard input, and system service errors.
-      </para>
+        <command>systemd</command> uses <command>journald</command> as its logging system.</para>
     </abstract>
   </info>
   <para>
     The <command>systemd-journald</command> service is enabled by default.
   </para>
-  <para>The journal records nearly every type of event generated on the system, including Kernel messages, Initrd (initial RAM disk) messages, Service startup/shutdown, Application events, and Authentication and session data. Journal allows centralization and unification of logs from all sources, and it records events in structured manner which in turn helps identifying errors and in crash recovery.</para>
+  <para>All system events are written to the journal, a system service managed by <command>systemd-journald</command> service. This allows you to search and manage all system logs. It collects and stores logging data by maintaining structured indexed journals based on logging information received from the kernel, user processes, standard input, and system service errors. The journal records nearly every type of event generated on the system, including kernel messages, initrd (initial RAM disk) messages, service startup/shutdown, application events, and authentication and session data. Journal allows centralization and unification of logs from all sources, and it records events in structured manner which in turn helps identifying errors and in crash recovery.</para>
   <para>The <command>journald</command> command collects log data from several sources simultaneously logs are then managed in a structured, binary format within files in <filename>/run/log/journal/</filename> by default. Because the <filename>/run/ directory</filename> is volatile by nature, log data is lost at reboot. To make the log data persistent, create the directory <filename>/var/log/journal/</filename> and make sure it has the correct access modes and ownership, so the <command>systemd-journald</command> service can store its data. To switch to persistent logging, execute the following commands:</para>
   <screen>&prompt.sudo;  mkdir /var/log/journal
 &prompt.sudo;  systemd-tmpfiles --create --prefix=/var/log/journal

From 7718321a9c8875b97671c3374ea71e988342d537 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Thu, 27 Nov 2025 15:01:08 +0530
Subject: [PATCH 17/32] Fixed feedback.

---
 concepts/journal-about-journald.xml | 30 +++++++---
 tasks/journald-configure.xml        | 90 +++++++++++++++++++----------
 2 files changed, 82 insertions(+), 38 deletions(-)

diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index bfa73032c..bc53fcf9f 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -20,21 +20,31 @@
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract>
       <para>
-        <command>systemd</command> uses <command>journald</command> as its logging system.</para>
-    </abstract>
-  </info>
+        <command>systemd</command> uses <command>journald</command> as its logging system. The <command>systemd-journald</command> service is enabled by default.</para>
+    <para>All system events are written to the journal, a system service managed by <command>systemd-journald</command> service. This allows you to search and manage all system logs. It collects and stores logging data by maintaining structured indexed journals based on logging information received from the kernel, user processes, standard input, and system service errors. The journal records nearly every type of event generated on the system, including kernel messages, initrd (initial RAM disk) messages, service startup/shutdown, application events, and authentication and session data. Journal allows centralization and unification of logs from all sources, and it records events in structured manner which in turn helps identifying errors and in crash recovery.</para>
+   <para><command>journalctl</command> is the command-line tool to view and analyze the logs from the <command>systemd-journald</command> service.</para></abstract>
+  
+   </info>
+  <section xml:id="sec-journalctl-managing">
+  <title><command>journalctl</command>: configuration and structure</title>
+
   <para>
-    The <command>systemd-journald</command> service is enabled by default.
+   This section describes the <command>journalctl</command> location, configuring the location for persistent logs, and the <command>journalctl</command> entry structure.
   </para>
-  <para>All system events are written to the journal, a system service managed by <command>systemd-journald</command> service. This allows you to search and manage all system logs. It collects and stores logging data by maintaining structured indexed journals based on logging information received from the kernel, user processes, standard input, and system service errors. The journal records nearly every type of event generated on the system, including kernel messages, initrd (initial RAM disk) messages, service startup/shutdown, application events, and authentication and session data. Journal allows centralization and unification of logs from all sources, and it records events in structured manner which in turn helps identifying errors and in crash recovery.</para>
-  <para>The <command>journald</command> command collects log data from several sources simultaneously logs are then managed in a structured, binary format within files in <filename>/run/log/journal/</filename> by default. Because the <filename>/run/ directory</filename> is volatile by nature, log data is lost at reboot. To make the log data persistent, create the directory <filename>/var/log/journal/</filename> and make sure it has the correct access modes and ownership, so the <command>systemd-journald</command> service can store its data. To switch to persistent logging, execute the following commands:</para>
+<itemizedlist>
+<listitem><para>Verify the logs location:</para>
+<screen>&prompt.sudo; ls /var/log/journal
+&prompt.sudo; ls /run/log/journal
+</screen>
+  <para>The <command>journald</command> command collects log data from several sources simultaneously logs and are then managed in a structured, binary format within files in <filename>/run/log/journal/</filename> by default. Because the <filename>/run/ directory</filename> is volatile by nature, log data is lost at reboot. To make the log data persistent, create a directory <filename>/var/log/journal/</filename> so the <command>systemd-journald</command> service can store its data. To switch to persistent logging across reboots, create <filename>/var/log/journal</filename>:</para>
   <screen>&prompt.sudo;  mkdir /var/log/journal
 &prompt.sudo;  systemd-tmpfiles --create --prefix=/var/log/journal
 &prompt.sudo;  journalctl --flush</screen>
 <para>All log data stored in <filename>/run/log/journal/</filename> are flushed into <filename>/var/log/journal/</filename>.</para>
-  <section>
-   <title>Journal entry structure</title>
-  <para>Log entry in the journal is a data structure containing the log message and  metadata fields:</para>
+</listitem>
+<listitem><para>View the journal entry structure:</para>
+<screen>&prompt.sudo; journalctl -n 1 -o verbose</screen>
+<para>Log entry in the journal is a data structure containing the log message and  metadata fields:</para>
 <itemizedlist><listitem><para>Timestamp: The exact time the event occurred.</para></listitem>
 <listitem><para>Source Fields</para>
 <itemizedlist>
@@ -56,6 +66,8 @@
 </itemizedlist>
 </listitem><listitem><para>Priority level: A numeric value indicating the severity of the message (0=emerg, 7=debug).</para></listitem>
 </itemizedlist>
+</listitem>
+</itemizedlist>
 </section>
  <section xml:id="sec-journalctl-usage">
   <title><command>journalctl</command> usage</title>
diff --git a/tasks/journald-configure.xml b/tasks/journald-configure.xml
index 0c82daddf..29d5b1ab3 100644
--- a/tasks/journald-configure.xml
+++ b/tasks/journald-configure.xml
@@ -16,57 +16,89 @@
  xmlns:xlink="http://www.w3.org/1999/xlink"
  xmlns:trans="http://docbook.org/ns/transclusion">
   <info>
-    <title>Configuring journald</title><!-- can be changed via merge
+    <title>Configuring <command>systemd-journald</command></title><!-- can be changed via merge
 in the assembly -->
     <!-- add author's e-mail -->
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract><!-- can be changed via merge in the assembly -->
       <para>
-        You can configure the basic behavior of <command>systemd-journald</command> service by modifying <filename>/etc/systemd/journald.conf</filename>. After making the changes, you must restart <filename>systemd-journald</filename>. .
-       </para>
+        You can configure the basic behavior of <command>systemd-journald</command> service by modifying <filename>/etc/systemd/journald.conf</filename>.</para>
       </abstract>
   </info>
   <para>
-    To configure journald, proceed as follows:
+    To configure <command>systemd-journald</command>, proceed as follows:
   </para>
   <procedure>
+    <title>Configuring <command>systemd-journald</command></title>
     <step>
+      <para>Open the <command>systemd-journald</command> configuration file:</para>
+<screen>&prompt.sudo; vi /etc/systemd/journald.conf</screen>
+<screen>[Journal]
+
+# Store journals on disk so logs survive reboot
+Storage=persistent
+
+# Disk space limits
+SystemMaxUse=2G
+SystemKeepFree=10%
+
+# Per-file max size
+SystemMaxFileSize=200M
+
+# RAM (runtime) journal limits
+RuntimeMaxUse=500M
+RuntimeKeepFree=10%
+
+# Log retention
+MaxRetentionSec=4weeks
+
+# Compression for old logs
+Compress=yes
+
+# Optional: also forward to rsyslog/syslog
+ForwardToSyslog=yes</screen>
+</step>
+<step>
+  <para>Modify the configurations:</para>
+    <itemizedlist>
+      <listitem>
       <para>
-        To modify the storage type, modify <command>Storage=auto</command>. </para>
+        To modify the storage type, modify <command>Storage=auto</command>.</para>
           <para>The available options are: </para>
           <itemizedlist>
             <listitem><para><guimenu>volatile</guimenu>: RAM only (clears on reboot).</para></listitem>
-          <listitem><para><guimenu>persistent</guimenu>: stored in <filename>/var/log/journal</filename>.</para></listitem>
-        <listitem><para><guimenu>auto</guimenu>: persistent if directory exists, otherwise volatile.</para></listitem>
-        <listitem><para><guimenu>none</guimenu>: no logs written to disk or memory.</para></listitem>
-      </itemizedlist>
-     <para>If the journal log data is saved to a persistent location, it uses up to 10% of the file system the <filename>/var/log/journal</filename> resides on. For example, if <filename>/var/log/journal</filename> is located on a 30 GB /var partition, the journal may use up to 3 GB of the disk space. To change this limit, change (and uncomment) the <command>SystemMaxUse</command> option: 
-       </para>
-       <screen>SystemMaxUse=50M
-systemctl restart systemd-journald
-      </screen>
-     </step>
-    <step>
-      <para>
-        To limit logs rate to prevent flooding logs:
-        </para>
+            <listitem><para><guimenu>persistent</guimenu>: stored in <filename>/var/log/journal</filename>.</para></listitem>
+            <listitem><para><guimenu>auto</guimenu>: persistent if directory exists, otherwise volatile.</para></listitem>
+            <listitem><para><guimenu>none</guimenu>: no logs written to disk or memory.</para></listitem>
+          </itemizedlist>
+          <para>If the journal log data is saved to a persistent location, it uses up to 10% of the file system the <filename>/var/log/journal</filename> resides on. For example, if <filename>/var/log/journal</filename> is located on a 30 GB /var partition, the journal may use up to 3 GB of the disk space. To change this limit, change (and uncomment) the <command>SystemMaxUse</command> option:</para>
+     <screen>SystemMaxUse=50M
+&prompt.sudo; systemctl restart systemd-journald</screen>
+      </listitem>
+      <listitem>
+      <para>To limit logs rate to prevent flooding logs:</para>
         <screen>RateLimitIntervalSec=30s
 RateLimitBurst=1000</screen>
-    </step>
-    <step>
+    </listitem>
+    <listitem>
       <para>
         To send the journal to a terminal device to inform you about system messages on a preferred terminal screen, for example <filename>/dev/tty12</filename>:
        </para>
        <screen>ForwardToConsole=yes
 TTYPath=/dev/tty12</screen>
-      </step>
-      <step>
+      </listitem>
+      <listitem>
         <para>To forward logs to syslog, modify <command>ForwardToSyslog=yes</command>.Journald is backward compatible with traditional syslog implementations such as rsyslog.</para>
-      <itemizedlist>
-        <listitem><para>Install rsyslog</para><screen>rpm -q rsyslog</screen></listitem>
-        <listitem><para>Enable rsyslog</para><screen>systemctl is-enabled rsyslog</screen></listitem>
-        <listitem><para>Enable forwarding to rsyslog in  in <filename>/etc/systemd/journald.conf</filename></para><screen>ForwardToSyslog=yes</screen></listitem>
-      </itemizedlist>
-      </step>
+        <itemizedlist>
+          <listitem><para>Install rsyslog</para><screen>rpm -q rsyslog</screen></listitem>
+          <listitem><para>Enable rsyslog</para><screen>systemctl is-enabled rsyslog</screen></listitem>
+          <listitem><para>Enable forwarding to rsyslog in  in <filename>/etc/systemd/journald.conf</filename></para><screen>ForwardToSyslog=yes</screen></listitem>
+        </itemizedlist>
+      </listitem>
+    </itemizedlist>
+    </step>
+    <step><para>Save and restart <command>systemd-journald</command>.</para>
+    <screen>&prompt.sudo; systemctl restart systemd-journald</screen>
+    </step>
   </procedure>
 </topic>

From ae6297d9b11b147d04c4ec3b88e46c62e0ebe77b Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Thu, 27 Nov 2025 15:11:46 +0530
Subject: [PATCH 18/32] Fixed feedback.

---
 articles/journalctl.asm.xml         |   7 +-
 concepts/journal-about-journald.xml |  69 -------------------
 references/journalctl-usage.xml     | 103 ++++++++++++++++++++++++++++
 tasks/journald-configure.xml        |   1 +
 4 files changed, 108 insertions(+), 72 deletions(-)
 create mode 100644 references/journalctl-usage.xml

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index a5cf42738..5f3e33f0d 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -20,9 +20,9 @@ xmlns="http://docbook.org/ns/docbook">
 <!-- tasks--> 
 <resource href="../tasks/journald-configure.xml" xml:id="_journald-configure"/> 
 <resource href="../tasks/systemd-journald-troubleshooting.xml" xml:id="_systemd-journald-troubleshooting"/> 
-<!-- references
-<resource href="../references/cockpit-logs.xml" xml:id="_cockpit-logs-reference"/> 
---></resources>
+<!-- references-->
+<resource href="../references/journalctl-usage.xml" xml:id="_journalctl-usage"/> 
+</resources>
 
 <!-- Appendix -->
 <resources>
@@ -138,6 +138,7 @@ You must have &sudo; privileges.
 </merge>
 <module renderas="section" resourceref="_journal-about-journald"/>
 <module renderas="section" resourceref="_journald-configure"/>
+<module renderas="section" resourceref="journalctl-usage"/>
 <module renderas="section" resourceref="_systemd-journald-troubleshooting"/>
 <module resourceref="_legal"/>
 <module resourceref="_gfdl">
diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index bc53fcf9f..ca2b5ca7d 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -68,75 +68,6 @@
 </itemizedlist>
 </listitem>
 </itemizedlist>
-</section>
- <section xml:id="sec-journalctl-usage">
-  <title><command>journalctl</command> usage</title>
-
-  <para>
-   Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
-  </para>
-<para>Listed below are the common  useful options to enhance the default <command>journalctl</command> behavior. All switches are described in the <command>journalctl</command> man page, man 1 <command>journalctl</command>. </para>
-  <tip>
-   <title>Messages related to a specific executable</title>
-   <para>
-    To show all journal messages related to a specific executable, specify the
-    full path to the executable:
-   </para>
-<screen>&prompt.sudo;journalctl /usr/lib/systemd/systemd</screen>
-  </tip>
-
-  <variablelist>
-   <varlistentry>
-    <term>-f</term>
-    <listitem>
-     <para>
-      Shows only the most recent journal messages, and prints new log entries
-      as they are added to the journal.
-     </para>
-    </listitem>
-   </varlistentry>
-   <varlistentry>
-    <term/>
-    <listitem>
-     <para>
-      Prints the messages and jumps to the end of the journal, so that the
-      latest entries are visible within the pager.
-     </para>
-    </listitem>
-   </varlistentry>
-   <varlistentry>
-    <term>-r</term>
-    <listitem>
-     <para>
-      Prints the messages of the journal in reverse order, so that the latest
-      entries are listed first.
-     </para>
-    </listitem>
-   </varlistentry>
-   <varlistentry>
-    <term>-k</term>
-    <listitem>
-     <para>
-      Shows only kernel messages. This is equivalent to the field match
-      <literal>_TRANSPORT=kernel</literal> (see
-      <xref linkend="sec-journalctl-filter-fields"/>).
-     </para>
-    </listitem>
-   </varlistentry>
-   <varlistentry>
-    <term>-u</term>
-    <listitem>
-     <para>
-      Shows only messages for the specified &systemd; unit. This is equivalent
-      to the field match
-      <literal>_SYSTEMD_UNIT=<replaceable>UNIT</replaceable></literal> (see
-      <xref linkend="sec-journalctl-filter-fields"/>).
-     </para>
-<screen>&prompt.sudo;journalctl -u apache2</screen>
-    </listitem>
-   </varlistentry>
-  </variablelist>
-  <para/>
 </section>
   <section xml:id="sec-journalctl-filter">
   <title>Filtering the journal output</title>
diff --git a/references/journalctl-usage.xml b/references/journalctl-usage.xml
new file mode 100644
index 000000000..3fb8fbceb
--- /dev/null
+++ b/references/journalctl-usage.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+
+<topic xml:id="journalctl-usage"
+ role="reference" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+
+ <info>
+  <title><command>journalctl</command> usage</title>
+  <abstract>
+    <para>
+   Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
+  </para>
+  </abstract>
+  <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+ </info>
+
+ <para>
+   You can run the <command>journalctl</command>:
+  </para>
+
+   <section xml:id="sec-journalctl-usage">
+  <title>Using <command>journalctl</command>sage</title>
+
+  <para>
+   Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
+  </para>
+<para>Listed below are the common  useful options to enhance the default <command>journalctl</command> behavior. All switches are described in the <command>journalctl</command> man page, man 1 <command>journalctl</command>. </para>
+  <tip>
+   <title>Messages related to a specific executable</title>
+   <para>
+    To show all journal messages related to a specific executable, specify the
+    full path to the executable:
+   </para>
+<screen>&prompt.sudo;journalctl /usr/lib/systemd/systemd</screen>
+  </tip>
+
+  <variablelist>
+   <varlistentry>
+    <term>-f</term>
+    <listitem>
+     <para>
+      Shows only the most recent journal messages, and prints new log entries
+      as they are added to the journal.
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term/>
+    <listitem>
+     <para>
+      Prints the messages and jumps to the end of the journal, so that the
+      latest entries are visible within the pager.
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term>-r</term>
+    <listitem>
+     <para>
+      Prints the messages of the journal in reverse order, so that the latest
+      entries are listed first.
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term>-k</term>
+    <listitem>
+     <para>
+      Shows only kernel messages. This is equivalent to the field match
+      <literal>_TRANSPORT=kernel</literal> (see
+      <xref linkend="sec-journalctl-filter-fields"/>).
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term>-u</term>
+    <listitem>
+     <para>
+      Shows only messages for the specified &systemd; unit. This is equivalent
+      to the field match
+      <literal>_SYSTEMD_UNIT=<replaceable>UNIT</replaceable></literal> (see
+      <xref linkend="sec-journalctl-filter-fields"/>).
+     </para>
+<screen>&prompt.sudo;journalctl -u apache2</screen>
+    </listitem>
+   </varlistentry>
+  </variablelist>
+  <para/>
+</section>
+</topic>
diff --git a/tasks/journald-configure.xml b/tasks/journald-configure.xml
index 29d5b1ab3..e173259f4 100644
--- a/tasks/journald-configure.xml
+++ b/tasks/journald-configure.xml
@@ -94,6 +94,7 @@ TTYPath=/dev/tty12</screen>
           <listitem><para>Enable rsyslog</para><screen>systemctl is-enabled rsyslog</screen></listitem>
           <listitem><para>Enable forwarding to rsyslog in  in <filename>/etc/systemd/journald.conf</filename></para><screen>ForwardToSyslog=yes</screen></listitem>
         </itemizedlist>
+        <para>For more information on file description, see <command>man 5 journald.conf</command>.</para>
       </listitem>
     </itemizedlist>
     </step>

From f3f480eb5b9e1eaad20c8fef720da50b37141572 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Thu, 27 Nov 2025 15:18:53 +0530
Subject: [PATCH 19/32] Fixed errors.

---
 articles/journalctl.asm.xml         | 2 +-
 concepts/journal-about-journald.xml | 3 +--
 references/journalctl-usage.xml     | 3 ---
 3 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index 5f3e33f0d..1961184ea 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -138,7 +138,7 @@ You must have &sudo; privileges.
 </merge>
 <module renderas="section" resourceref="_journal-about-journald"/>
 <module renderas="section" resourceref="_journald-configure"/>
-<module renderas="section" resourceref="journalctl-usage"/>
+<module renderas="section" resourceref="_journalctl-usage"/>
 <module renderas="section" resourceref="_systemd-journald-troubleshooting"/>
 <module resourceref="_legal"/>
 <module resourceref="_gfdl">
diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index ca2b5ca7d..ff2c7397f 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -69,7 +69,7 @@
 </listitem>
 </itemizedlist>
 </section>
-  <section xml:id="sec-journalctl-filter">
+<section xml:id="sec-journalctl-filter">
   <title>Filtering the journal output</title>
 
   <para>
@@ -77,7 +77,6 @@
    content of the journal, the oldest entries listed first. The output can be
    filtered by specific switches and fields.
   </para>
-
   <section xml:id="sec-journalctl-filter-boot">
    <title>Filtering based on a boot number</title>
    <para>
diff --git a/references/journalctl-usage.xml b/references/journalctl-usage.xml
index 3fb8fbceb..548534a3a 100644
--- a/references/journalctl-usage.xml
+++ b/references/journalctl-usage.xml
@@ -30,10 +30,8 @@
  <para>
    You can run the <command>journalctl</command>:
   </para>
-
    <section xml:id="sec-journalctl-usage">
   <title>Using <command>journalctl</command>sage</title>
-
   <para>
    Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
   </para>
@@ -46,7 +44,6 @@
    </para>
 <screen>&prompt.sudo;journalctl /usr/lib/systemd/systemd</screen>
   </tip>
-
   <variablelist>
    <varlistentry>
     <term>-f</term>

From 8dcc2e714ba687dbdac7eddf7c1a2ef68f3abfac Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Fri, 28 Nov 2025 13:25:09 +0530
Subject: [PATCH 20/32] Moved contents from concept.

---
 tasks/journald-filter-journals.xml | 37 ++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 tasks/journald-filter-journals.xml

diff --git a/tasks/journald-filter-journals.xml b/tasks/journald-filter-journals.xml
new file mode 100644
index 000000000..1e74a32fb
--- /dev/null
+++ b/tasks/journald-filter-journals.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="journal-configure-journald"
+ role="task" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>Filter the journal output</title><!-- can be changed via merge
+in the assembly -->
+    <!-- add author's e-mail -->
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract><!-- can be changed via merge in the assembly -->
+      <para>
+   This section describes how to refine the search in logs according to boot numbers, for specific time interval or to view specific data fields.
+   content of the journal, the oldest entries listed first. The output can be
+   filtered by specific switches and fields.
+  </para></abstract>
+  </info>
+  <para>
+    You can filter journals based on boot number, time interval, and fields.
+  </para>
+  <procedure>
+    <title>Filtering journals</title>
+    
+  </procedure>
+</topic>

From c0bc7b5578a8803212b0b5d2975cc0543ed45b3c Mon Sep 17 00:00:00 2001
From: Shalaka Harne <135588263+harneshalaka@users.noreply.github.com>
Date: Wed, 26 Nov 2025 18:26:18 +0530
Subject: [PATCH 21/32] Co-authored-by: lvicoun <JSindelarova@suse.com> Fixed
 editorial comments.

---
 articles/journalctl.asm.xml         |  23 +++---
 concepts/journal-about-journald.xml | 105 ++++++----------------------
 references/journalctl-usage.xml     | 100 ++++++++++++++++++++++++++
 tasks/journald-configure.xml        |  91 ++++++++++++++++--------
 tasks/journald-filter-journals.xml  |  37 ++++++++++
 5 files changed, 232 insertions(+), 124 deletions(-)
 create mode 100644 references/journalctl-usage.xml
 create mode 100644 tasks/journald-filter-journals.xml

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index fc4150374..1961184ea 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -20,9 +20,9 @@ xmlns="http://docbook.org/ns/docbook">
 <!-- tasks--> 
 <resource href="../tasks/journald-configure.xml" xml:id="_journald-configure"/> 
 <resource href="../tasks/systemd-journald-troubleshooting.xml" xml:id="_systemd-journald-troubleshooting"/> 
-<!-- references
-<resource href="../references/cockpit-logs.xml" xml:id="_cockpit-logs-reference"/> 
---></resources>
+<!-- references-->
+<resource href="../references/journalctl-usage.xml" xml:id="_journalctl-usage"/> 
+</resources>
 
 <!-- Appendix -->
 <resources>
@@ -35,10 +35,10 @@ xmlns="http://docbook.org/ns/docbook">
 </resources>
 <structure renderas="article" xml:id="sles-journald">
 <merge>
-<title>Viewing <command>systemd-journald</command> logs using <command>journalctl</command></title>
+<title>Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></title>
 <!-- History -->
 <revhistory xml:id="rh-sles-journald">
-<revision><date>2025-09-10</date>
+<revision><date>2025-11-26</date>
 <revdescription>
 <para>
 Initial version
@@ -62,11 +62,11 @@ Initial version
 <productname version="16.0">&sleha;</productname> 
 </meta>
 <!-- Social Media -->
-<meta name="title">View logs using <command>journalctl</command></meta>
+<meta name="title">Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></meta>
 <meta name="description">
 How to view and manage &productnameshort; logs using <command>journalctl</command></meta>
 <!-- Search -->
-<meta name="social-descr">View &productnameshort; logs using <command>journalctl</command></meta>
+<meta name="social-descr">Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></meta>
 <!-- Task -->
 <meta name="task" its:translate="no">
 <phrase>Configuration</phrase>
@@ -105,8 +105,7 @@ You can view and analyze logs from <command>systemd-journald</command> using the
 <term>WHY?</term>
 <listitem>
 <para>
-This article is intended to provide a complete overview of
-tasks that can be performed using the <command>journalctl</command> command-line tool.
+This article is intended to provide a complete overview of tasks that can be performed using the <command>journalctl</command> command-line tool.
 </para>
 </listitem>
 </varlistentry>
@@ -130,11 +129,8 @@ You will be able to view your system logs using <command>journalctl</command>.
 <term>REQUIREMENTS</term>
 <listitem>
 <para>
-To fully view the system-wide logs such as kernel, system services, or other user logs using <command>journalctl</command> command-line tool, you must have
-&sudo; privileges.
+You must have &sudo; privileges.
 </para>
-<para>The <command>systemd-journald</command> service must be running as it collects the logs. </para>
-<para>For persistent logs across reboots, <filename>var/log/journal</filename> file must be available. Volatile logs are saved in <filename>/run/log/journal</filename></para>
 </listitem>
 </varlistentry>
 </variablelist>
@@ -142,6 +138,7 @@ To fully view the system-wide logs such as kernel, system services, or other use
 </merge>
 <module renderas="section" resourceref="_journal-about-journald"/>
 <module renderas="section" resourceref="_journald-configure"/>
+<module renderas="section" resourceref="_journalctl-usage"/>
 <module renderas="section" resourceref="_systemd-journald-troubleshooting"/>
 <module resourceref="_legal"/>
 <module resourceref="_gfdl">
diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index 16706236a..ff2c7397f 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -20,22 +20,31 @@
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract>
       <para>
-        <command>systemd</command> uses <command>journald</command> as its logging system. All system events are written to the journal, a system service managed by <command>systemd-journald</command> service.  This allows you to search and manage all system logs. It collects and stores logging data by maintaining structured indexed journals based on logging information received from the kernel, user processes, standard input, and system service errors.
-      </para>
-    </abstract>
-  </info>
+        <command>systemd</command> uses <command>journald</command> as its logging system. The <command>systemd-journald</command> service is enabled by default.</para>
+    <para>All system events are written to the journal, a system service managed by <command>systemd-journald</command> service. This allows you to search and manage all system logs. It collects and stores logging data by maintaining structured indexed journals based on logging information received from the kernel, user processes, standard input, and system service errors. The journal records nearly every type of event generated on the system, including kernel messages, initrd (initial RAM disk) messages, service startup/shutdown, application events, and authentication and session data. Journal allows centralization and unification of logs from all sources, and it records events in structured manner which in turn helps identifying errors and in crash recovery.</para>
+   <para><command>journalctl</command> is the command-line tool to view and analyze the logs from the <command>systemd-journald</command> service.</para></abstract>
+  
+   </info>
+  <section xml:id="sec-journalctl-managing">
+  <title><command>journalctl</command>: configuration and structure</title>
+
   <para>
-    The <command>systemd-journald</command> service is enabled by default.
+   This section describes the <command>journalctl</command> location, configuring the location for persistent logs, and the <command>journalctl</command> entry structure.
   </para>
-  <para>The journal records nearly every type of event generated on the system, including Kernel messages, Initrd (initial RAM disk) messages, Service startup/shutdown, Application events, and Authentication and session data. Journal allows centralization and unification of logs from all sources, and it records events in structured manner which in turn helps identifying errors and in crash recovery.</para>
-  <para>The <command>journald</command> command collects log data from several sources simultaneously logs are then managed in a structured, binary format within files in <filename>/run/log/journal/</filename> by default. Because the <filename>/run/ directory</filename> is volatile by nature, log data is lost at reboot. To make the log data persistent, create the directory <filename>/var/log/journal/</filename> and make sure it has the correct access modes and ownership, so the <command>systemd-journald</command> service can store its data. To switch to persistent logging, execute the following commands:</para>
+<itemizedlist>
+<listitem><para>Verify the logs location:</para>
+<screen>&prompt.sudo; ls /var/log/journal
+&prompt.sudo; ls /run/log/journal
+</screen>
+  <para>The <command>journald</command> command collects log data from several sources simultaneously logs and are then managed in a structured, binary format within files in <filename>/run/log/journal/</filename> by default. Because the <filename>/run/ directory</filename> is volatile by nature, log data is lost at reboot. To make the log data persistent, create a directory <filename>/var/log/journal/</filename> so the <command>systemd-journald</command> service can store its data. To switch to persistent logging across reboots, create <filename>/var/log/journal</filename>:</para>
   <screen>&prompt.sudo;  mkdir /var/log/journal
 &prompt.sudo;  systemd-tmpfiles --create --prefix=/var/log/journal
 &prompt.sudo;  journalctl --flush</screen>
 <para>All log data stored in <filename>/run/log/journal/</filename> are flushed into <filename>/var/log/journal/</filename>.</para>
-  <section>
-   <title>Journal entry structure</title>
-  <para>Log entry in the journal is a data structure containing the log message and numerous metadata fields,  such as time stamp, source fields, systemd fields,  kernel fields, and priority level.</para>
+</listitem>
+<listitem><para>View the journal entry structure:</para>
+<screen>&prompt.sudo; journalctl -n 1 -o verbose</screen>
+<para>Log entry in the journal is a data structure containing the log message and  metadata fields:</para>
 <itemizedlist><listitem><para>Timestamp: The exact time the event occurred.</para></listitem>
 <listitem><para>Source Fields</para>
 <itemizedlist>
@@ -57,85 +66,17 @@
 </itemizedlist>
 </listitem><listitem><para>Priority level: A numeric value indicating the severity of the message (0=emerg, 7=debug).</para></listitem>
 </itemizedlist>
+</listitem>
+</itemizedlist>
 </section>
- <section xml:id="sec-journalctl-usage">
-  <title><command>journalctl</command> usage</title>
-
-  <para>
-   Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
-  </para>
-<para>Listed below are the common  useful options to enhance the default <command>journalctl</command> behavior. All switches are described in the <command>journalctl</command> man page, man 1 <command>journalctl</command>. </para>
-  <tip>
-   <title>Messages related to a specific executable</title>
-   <para>
-    To show all journal messages related to a specific executable, specify the
-    full path to the executable:
-   </para>
-<screen>&prompt.sudo;journalctl /usr/lib/systemd/systemd</screen>
-  </tip>
-
-  <variablelist>
-   <varlistentry>
-    <term>-f</term>
-    <listitem>
-     <para>
-      Shows only the most recent journal messages, and prints new log entries
-      as they are added to the journal.
-     </para>
-    </listitem>
-   </varlistentry>
-   <varlistentry>
-    <term/>
-    <listitem>
-     <para>
-      Prints the messages and jumps to the end of the journal, so that the
-      latest entries are visible within the pager.
-     </para>
-    </listitem>
-   </varlistentry>
-   <varlistentry>
-    <term>-r</term>
-    <listitem>
-     <para>
-      Prints the messages of the journal in reverse order, so that the latest
-      entries are listed first.
-     </para>
-    </listitem>
-   </varlistentry>
-   <varlistentry>
-    <term>-k</term>
-    <listitem>
-     <para>
-      Shows only kernel messages. This is equivalent to the field match
-      <literal>_TRANSPORT=kernel</literal> (see
-      <xref linkend="sec-journalctl-filter-fields"/>).
-     </para>
-    </listitem>
-   </varlistentry>
-   <varlistentry>
-    <term>-u</term>
-    <listitem>
-     <para>
-      Shows only messages for the specified &systemd; unit. This is equivalent
-      to the field match
-      <literal>_SYSTEMD_UNIT=<replaceable>UNIT</replaceable></literal> (see
-      <xref linkend="sec-journalctl-filter-fields"/>).
-     </para>
-<screen>&prompt.sudo;journalctl -u apache2</screen>
-    </listitem>
-   </varlistentry>
-  </variablelist>
-  <para/>
-</section>
-  <section xml:id="sec-journalctl-filter">
+<section xml:id="sec-journalctl-filter">
   <title>Filtering the journal output</title>
 
   <para>
-   When called without switches, <command>journalctl</command> shows the full
+   This section describes how to refine the search in logs according to boot numbers, for specific time interval or to view specific data fields.
    content of the journal, the oldest entries listed first. The output can be
    filtered by specific switches and fields.
   </para>
-
   <section xml:id="sec-journalctl-filter-boot">
    <title>Filtering based on a boot number</title>
    <para>
diff --git a/references/journalctl-usage.xml b/references/journalctl-usage.xml
new file mode 100644
index 000000000..548534a3a
--- /dev/null
+++ b/references/journalctl-usage.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+
+<topic xml:id="journalctl-usage"
+ role="reference" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+
+ <info>
+  <title><command>journalctl</command> usage</title>
+  <abstract>
+    <para>
+   Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
+  </para>
+  </abstract>
+  <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+ </info>
+
+ <para>
+   You can run the <command>journalctl</command>:
+  </para>
+   <section xml:id="sec-journalctl-usage">
+  <title>Using <command>journalctl</command>sage</title>
+  <para>
+   Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
+  </para>
+<para>Listed below are the common  useful options to enhance the default <command>journalctl</command> behavior. All switches are described in the <command>journalctl</command> man page, man 1 <command>journalctl</command>. </para>
+  <tip>
+   <title>Messages related to a specific executable</title>
+   <para>
+    To show all journal messages related to a specific executable, specify the
+    full path to the executable:
+   </para>
+<screen>&prompt.sudo;journalctl /usr/lib/systemd/systemd</screen>
+  </tip>
+  <variablelist>
+   <varlistentry>
+    <term>-f</term>
+    <listitem>
+     <para>
+      Shows only the most recent journal messages, and prints new log entries
+      as they are added to the journal.
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term/>
+    <listitem>
+     <para>
+      Prints the messages and jumps to the end of the journal, so that the
+      latest entries are visible within the pager.
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term>-r</term>
+    <listitem>
+     <para>
+      Prints the messages of the journal in reverse order, so that the latest
+      entries are listed first.
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term>-k</term>
+    <listitem>
+     <para>
+      Shows only kernel messages. This is equivalent to the field match
+      <literal>_TRANSPORT=kernel</literal> (see
+      <xref linkend="sec-journalctl-filter-fields"/>).
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term>-u</term>
+    <listitem>
+     <para>
+      Shows only messages for the specified &systemd; unit. This is equivalent
+      to the field match
+      <literal>_SYSTEMD_UNIT=<replaceable>UNIT</replaceable></literal> (see
+      <xref linkend="sec-journalctl-filter-fields"/>).
+     </para>
+<screen>&prompt.sudo;journalctl -u apache2</screen>
+    </listitem>
+   </varlistentry>
+  </variablelist>
+  <para/>
+</section>
+</topic>
diff --git a/tasks/journald-configure.xml b/tasks/journald-configure.xml
index f79f54626..e173259f4 100644
--- a/tasks/journald-configure.xml
+++ b/tasks/journald-configure.xml
@@ -16,57 +16,90 @@
  xmlns:xlink="http://www.w3.org/1999/xlink"
  xmlns:trans="http://docbook.org/ns/transclusion">
   <info>
-    <title>Configuring journald</title><!-- can be changed via merge
+    <title>Configuring <command>systemd-journald</command></title><!-- can be changed via merge
 in the assembly -->
     <!-- add author's e-mail -->
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract><!-- can be changed via merge in the assembly -->
       <para>
-       The topic covers the basic configuration of journald. You can configure the basic behavior of <command>systemd-journald</command> service by modifying <filename>/etc/systemd/journald.conf</filename>. After making the changes, you must restart <filename>systemd-journald</filename>. For more information on file description, see <filename>man 5 journald.conf.</filename>.
-       </para>
+        You can configure the basic behavior of <command>systemd-journald</command> service by modifying <filename>/etc/systemd/journald.conf</filename>.</para>
       </abstract>
   </info>
   <para>
-    To configure journald, proceed as follows:
+    To configure <command>systemd-journald</command>, proceed as follows:
   </para>
   <procedure>
+    <title>Configuring <command>systemd-journald</command></title>
     <step>
+      <para>Open the <command>systemd-journald</command> configuration file:</para>
+<screen>&prompt.sudo; vi /etc/systemd/journald.conf</screen>
+<screen>[Journal]
+
+# Store journals on disk so logs survive reboot
+Storage=persistent
+
+# Disk space limits
+SystemMaxUse=2G
+SystemKeepFree=10%
+
+# Per-file max size
+SystemMaxFileSize=200M
+
+# RAM (runtime) journal limits
+RuntimeMaxUse=500M
+RuntimeKeepFree=10%
+
+# Log retention
+MaxRetentionSec=4weeks
+
+# Compression for old logs
+Compress=yes
+
+# Optional: also forward to rsyslog/syslog
+ForwardToSyslog=yes</screen>
+</step>
+<step>
+  <para>Modify the configurations:</para>
+    <itemizedlist>
+      <listitem>
       <para>
-        To modify the storage type, modify <command>Storage=auto</command>. </para>
+        To modify the storage type, modify <command>Storage=auto</command>.</para>
           <para>The available options are: </para>
           <itemizedlist>
             <listitem><para><guimenu>volatile</guimenu>: RAM only (clears on reboot).</para></listitem>
-          <listitem><para><guimenu>persistent</guimenu>: stored in <filename>/var/log/journal</filename>.</para></listitem>
-        <listitem><para><guimenu>auto</guimenu>: persistent if directory exists, otherwise volatile.</para></listitem>
-        <listitem><para><guimenu>none</guimenu>: no logs written to disk or memory.</para></listitem>
-      </itemizedlist>
-     <para>If the journal log data is saved to a persistent location, it uses up to 10% of the file system the <filename>/var/log/journal</filename> resides on. For example, if <filename>/var/log/journal</filename> is located on a 30 GB /var partition, the journal may use up to 3 GB of the disk space. To change this limit, change (and uncomment) the <command>SystemMaxUse</command> option: 
-       </para>
-       <screen>SystemMaxUse=50M
-systemctl restart systemd-journald
-      </screen>
-     </step>
-    <step>
-      <para>
-        To limit logs rate to prevent flooding logs:
-        </para>
+            <listitem><para><guimenu>persistent</guimenu>: stored in <filename>/var/log/journal</filename>.</para></listitem>
+            <listitem><para><guimenu>auto</guimenu>: persistent if directory exists, otherwise volatile.</para></listitem>
+            <listitem><para><guimenu>none</guimenu>: no logs written to disk or memory.</para></listitem>
+          </itemizedlist>
+          <para>If the journal log data is saved to a persistent location, it uses up to 10% of the file system the <filename>/var/log/journal</filename> resides on. For example, if <filename>/var/log/journal</filename> is located on a 30 GB /var partition, the journal may use up to 3 GB of the disk space. To change this limit, change (and uncomment) the <command>SystemMaxUse</command> option:</para>
+     <screen>SystemMaxUse=50M
+&prompt.sudo; systemctl restart systemd-journald</screen>
+      </listitem>
+      <listitem>
+      <para>To limit logs rate to prevent flooding logs:</para>
         <screen>RateLimitIntervalSec=30s
 RateLimitBurst=1000</screen>
-    </step>
-    <step>
+    </listitem>
+    <listitem>
       <para>
         To send the journal to a terminal device to inform you about system messages on a preferred terminal screen, for example <filename>/dev/tty12</filename>:
        </para>
        <screen>ForwardToConsole=yes
 TTYPath=/dev/tty12</screen>
-      </step>
-      <step>
+      </listitem>
+      <listitem>
         <para>To forward logs to syslog, modify <command>ForwardToSyslog=yes</command>.Journald is backward compatible with traditional syslog implementations such as rsyslog.</para>
-      <itemizedlist>
-        <listitem><para>Install rsyslog</para><screen>rpm -q rsyslog</screen></listitem>
-        <listitem><para>Enable rsyslog</para><screen>systemctl is-enabled rsyslog</screen></listitem>
-        <listitem><para>Enable forwarding to rsyslog in  in <filename>/etc/systemd/journald.conf</filename></para><screen>ForwardToSyslog=yes</screen></listitem>
-      </itemizedlist>
-      </step>
+        <itemizedlist>
+          <listitem><para>Install rsyslog</para><screen>rpm -q rsyslog</screen></listitem>
+          <listitem><para>Enable rsyslog</para><screen>systemctl is-enabled rsyslog</screen></listitem>
+          <listitem><para>Enable forwarding to rsyslog in  in <filename>/etc/systemd/journald.conf</filename></para><screen>ForwardToSyslog=yes</screen></listitem>
+        </itemizedlist>
+        <para>For more information on file description, see <command>man 5 journald.conf</command>.</para>
+      </listitem>
+    </itemizedlist>
+    </step>
+    <step><para>Save and restart <command>systemd-journald</command>.</para>
+    <screen>&prompt.sudo; systemctl restart systemd-journald</screen>
+    </step>
   </procedure>
 </topic>
diff --git a/tasks/journald-filter-journals.xml b/tasks/journald-filter-journals.xml
new file mode 100644
index 000000000..1e74a32fb
--- /dev/null
+++ b/tasks/journald-filter-journals.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="journal-configure-journald"
+ role="task" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>Filter the journal output</title><!-- can be changed via merge
+in the assembly -->
+    <!-- add author's e-mail -->
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract><!-- can be changed via merge in the assembly -->
+      <para>
+   This section describes how to refine the search in logs according to boot numbers, for specific time interval or to view specific data fields.
+   content of the journal, the oldest entries listed first. The output can be
+   filtered by specific switches and fields.
+  </para></abstract>
+  </info>
+  <para>
+    You can filter journals based on boot number, time interval, and fields.
+  </para>
+  <procedure>
+    <title>Filtering journals</title>
+    
+  </procedure>
+</topic>

From 485543cda3af15eea84f92c158aa1a7d528cf247 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Fri, 28 Nov 2025 22:18:44 +0530
Subject: [PATCH 22/32] Fixed feedback.

---
 articles/journalctl.asm.xml         |   4 +-
 concepts/journal-about-journald.xml | 117 +---------------------------
 references/journalctl-usage.xml     |  10 +--
 tasks/journald-filter-journals.xml  |  63 +++++++++++++--
 4 files changed, 65 insertions(+), 129 deletions(-)

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index 1961184ea..546964dfd 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -20,6 +20,7 @@ xmlns="http://docbook.org/ns/docbook">
 <!-- tasks--> 
 <resource href="../tasks/journald-configure.xml" xml:id="_journald-configure"/> 
 <resource href="../tasks/systemd-journald-troubleshooting.xml" xml:id="_systemd-journald-troubleshooting"/> 
+<resource href="../tasks/journald-filter-journals.xml" xml:id="_journald-filter-journals"/> 
 <!-- references-->
 <resource href="../references/journalctl-usage.xml" xml:id="_journalctl-usage"/> 
 </resources>
@@ -137,8 +138,9 @@ You must have &sudo; privileges.
 </abstract>
 </merge>
 <module renderas="section" resourceref="_journal-about-journald"/>
-<module renderas="section" resourceref="_journald-configure"/>
+<module renderas="section" resourceref="_journald-filter-journals"/>
 <module renderas="section" resourceref="_journalctl-usage"/>
+<module renderas="section" resourceref="_journald-configure"/>
 <module renderas="section" resourceref="_systemd-journald-troubleshooting"/>
 <module resourceref="_legal"/>
 <module resourceref="_gfdl">
diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index ff2c7397f..657c67ef7 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -25,9 +25,7 @@
    <para><command>journalctl</command> is the command-line tool to view and analyze the logs from the <command>systemd-journald</command> service.</para></abstract>
   
    </info>
-  <section xml:id="sec-journalctl-managing">
-  <title><command>journalctl</command>: configuration and structure</title>
-
+   <section><title>Understanding <command>journalctl</command> configuration and structure</title>
   <para>
    This section describes the <command>journalctl</command> location, configuring the location for persistent logs, and the <command>journalctl</command> entry structure.
   </para>
@@ -69,117 +67,4 @@
 </listitem>
 </itemizedlist>
 </section>
-<section xml:id="sec-journalctl-filter">
-  <title>Filtering the journal output</title>
-
-  <para>
-   This section describes how to refine the search in logs according to boot numbers, for specific time interval or to view specific data fields.
-   content of the journal, the oldest entries listed first. The output can be
-   filtered by specific switches and fields.
-  </para>
-  <section xml:id="sec-journalctl-filter-boot">
-   <title>Filtering based on a boot number</title>
-   <para>
-    <command>journalctl</command> can filter messages based on a specific
-    system boot. To list all available boots, run
-   </para>
-<screen>&prompt.sudo;journalctl --list-boots</screen>
-   <para>
-    The first column lists the boot offset: <literal>0</literal> for the
-    current boot, <literal>-1</literal> for the previous one,
-    <literal>-2</literal> for the one before that, etc. The second column
-    contains the boot ID followed by the limiting time stamps of the specific
-    boot.
-   </para>
-   <para>
-    Show all messages from the current boot:
-   </para>
-<screen>&prompt.sudo;journalctl -b</screen>
-   <para>
-    If you need to see journal messages from the previous boot, add an offset
-    parameter. The following example outputs the previous boot messages:
-   </para>
-<screen>&prompt.sudo;journalctl -b -1</screen>
-   <para>
-    Another way is to list boot messages based on the boot ID. For this
-    purpose, use the _BOOT_ID field:
-   </para>
-<screen>&prompt.sudo;journalctl _BOOT_ID=156019a44a774a0bb0148a92df4af81b</screen>
-  </section>
-
-  <section xml:id="sec-journalctl-filter-time">
-   <title>Filtering based on time interval</title>
-   <para>
-    You can filter the output of <command>journalctl</command> by specifying the
-    starting and/or ending date. The date specification should be of the format
-    <literal>2025-06-30 9:17:16</literal>. If the time part is omitted, midnight
-    is assumed. If seconds are omitted, <literal>:00</literal> is assumed. If
-    the date part is omitted, the current day is assumed. Instead of numeric
-    expression, you can specify the keywords <literal>yesterday</literal>,
-    <literal>today</literal> or <literal>tomorrow</literal>. They refer to
-    midnight of the day before the current day, of the current day, or of the
-    day after the current day. If you specify <literal>now</literal>, it refers
-    to the current time. You can also specify relative times prefixed with
-    <literal>-</literal> or <literal>+</literal>, referring to times before or
-    after the current time.
-   </para>
-   <para>
-    Show only new messages since now, and update the output continuously:
-   </para>
-<screen>&prompt.sudo;journalctl --since "now" -f</screen>
-   <para>
-    Show all messages since last midnight till 3:20am:
-   </para>
-<screen>&prompt.sudo;journalctl --since "today" --until "3:20"</screen>
-  </section>
-  <section xml:id="sec-journalctl-filter-fields">
-   <title>Filtering based on fields</title>
-   <para>
-    You can filter the output of the journal by specific fields. The syntax of
-    a field to be matched is <literal>FIELD_NAME=MATCHED_VALUE</literal>, such
-    as <literal>_SYSTEMD_UNIT=httpd.service</literal>. You can specify multiple
-    matches in a single query to filter the output messages even more. See
-    <command>man 7 systemd.journal-fields</command> for a list of default
-    fields.
-   </para>
-   <para>
-    Show messages produced by a specific process ID:
-   </para>
-<screen>&prompt.sudo;journalctl _PID=1039</screen>
-   <para>
-    Show messages belonging to a specific user ID:
-   </para>
-<screen># journalctl _UID=1000</screen>
-   <para>
-    Show messages from the kernel ring buffer (the same as
-    <command>dmesg</command> displays):
-   </para>
-<screen>&prompt.sudo;journalctl _TRANSPORT=kernel</screen>
-   <para>
-    Show messages from the service's standard or error output:
-   </para>
-<screen>&prompt.sudo;journalctl _TRANSPORT=stdout</screen>
-   <para>
-    Show messages produced by a specified service only:
-   </para>
-<screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service</screen>
-   <para>
-    If two different fields are specified, only entries that match both
-    expressions at the same time are shown:
-   </para>
-<screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1488</screen>
-   <para>
-    If two matches refer to the same field, all entries matching either
-    expression are shown:
-   </para>
-<screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</screen>
-   <para>
-    You can use the <literal>+</literal> separator to combine two expressions in
-    a logical <literal>OR</literal>. The following example shows all messages
-    from the Avahi service process with the process ID 1480 together with all
-    messages from the D-Bus service:
-   </para>
-<screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1480 + _SYSTEMD_UNIT=dbus.service</screen>
-  </section> 
-</section>
 </topic>
diff --git a/references/journalctl-usage.xml b/references/journalctl-usage.xml
index 548534a3a..a4997344f 100644
--- a/references/journalctl-usage.xml
+++ b/references/journalctl-usage.xml
@@ -18,7 +18,7 @@
  xmlns:trans="http://docbook.org/ns/transclusion">
 
  <info>
-  <title><command>journalctl</command> usage</title>
+  <title>Using <command>journalctl</command></title>
   <abstract>
     <para>
    Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
@@ -31,7 +31,7 @@
    You can run the <command>journalctl</command>:
   </para>
    <section xml:id="sec-journalctl-usage">
-  <title>Using <command>journalctl</command>sage</title>
+  <title>Use <command>journalctl</command></title>
   <para>
    Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
   </para>
@@ -77,8 +77,7 @@
     <listitem>
      <para>
       Shows only kernel messages. This is equivalent to the field match
-      <literal>_TRANSPORT=kernel</literal> (see
-      <xref linkend="sec-journalctl-filter-fields"/>).
+      <literal>_TRANSPORT=kernel</literal>.
      </para>
     </listitem>
    </varlistentry>
@@ -88,8 +87,7 @@
      <para>
       Shows only messages for the specified &systemd; unit. This is equivalent
       to the field match
-      <literal>_SYSTEMD_UNIT=<replaceable>UNIT</replaceable></literal> (see
-      <xref linkend="sec-journalctl-filter-fields"/>).
+      <literal>_SYSTEMD_UNIT=<replaceable>UNIT</replaceable></literal>.
      </para>
 <screen>&prompt.sudo;journalctl -u apache2</screen>
     </listitem>
diff --git a/tasks/journald-filter-journals.xml b/tasks/journald-filter-journals.xml
index 1e74a32fb..3ba4109ee 100644
--- a/tasks/journald-filter-journals.xml
+++ b/tasks/journald-filter-journals.xml
@@ -8,7 +8,7 @@
 <!-- point back to this document with a similar comment added to your legacy doc piece -->
 <!-- refer to README.md for file and id naming conventions -->
 <!-- metadata is dealt with on the assembly level -->
-<topic xml:id="journal-configure-journald"
+<topic xml:id="journal-filter-journals"
  role="task" xml:lang="en"
  xmlns="http://docbook.org/ns/docbook" version="5.2"
  xmlns:its="http://www.w3.org/2005/11/its"
@@ -16,7 +16,7 @@
  xmlns:xlink="http://www.w3.org/1999/xlink"
  xmlns:trans="http://docbook.org/ns/transclusion">
   <info>
-    <title>Filter the journal output</title><!-- can be changed via merge
+    <title>Filtering the journal output</title><!-- can be changed via merge
 in the assembly -->
     <!-- add author's e-mail -->
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
@@ -30,8 +30,59 @@ in the assembly -->
   <para>
     You can filter journals based on boot number, time interval, and fields.
   </para>
-  <procedure>
-    <title>Filtering journals</title>
-    
-  </procedure>
+    <procedure>
+      <title>Filtering journals</title>
+       <step><para>Filter logs based on specific system boot:</para>
+        <itemizedlist>
+          <listitem>
+            <para>List all the available boots:</para>
+              <screen>&prompt.sudo;journalctl --list-boots</screen>
+            <para>The first column lists the boot offset: <literal>0</literal> for the current boot, <literal>-1</literal> for the previous one,
+    <literal>-2</literal> for the one before that, etc. The second column contains the boot ID followed by the limiting time stamps of the specific
+    boot.</para>
+          </listitem>
+          <listitem><para>Show all messages from the current boot:</para>
+            <screen>&prompt.sudo;journalctl -b</screen></listitem>
+          <listitem><para>To view journal messages from the previous boot, add an offset
+    parameter. The following example command shows the previous boot messages:</para>
+            <screen>&prompt.sudo;journalctl -b -1</screen></listitem>
+          <listitem><para>To view boot messages based on the boot ID, <literal>156019a44a774a0bb0148a92df4af81b</literal>:</para>
+            <screen>&prompt.sudo;journalctl _BOOT_ID=156019a44a774a0bb0148a92df4af81b</screen></listitem>
+  </itemizedlist></step>
+        <step><para>Filter logs based on time interval</para>
+              <para>You can filter the output of <command>journalctl</command> by specifying the starting and/or ending date. The date specification should be of the format<literal>YYYY-MM-DD H:MM:SS</literal>. If the time part is omitted, midnight is assumed. If seconds are omitted, <literal>:00</literal> is assumed. If the date part is omitted, the current day is assumed. Instead of numeric expression, you can specify the keywords <literal>yesterday</literal>,
+    <literal>today</literal> or <literal>tomorrow</literal>. They refer to midnight of the day before the current day, of the current day, or of the day after the current day. If you specify <literal>now</literal>, it refers to the current time. You can also specify relative times prefixed with <literal>-</literal> or <literal>+</literal>, referring to times before or after the current time.</para>
+          <itemizedlist>
+            <listitem>
+              <para>To view only new messages since now, and update the output continuously:</para>
+              <screen>&prompt.sudo;journalctl --since "now" -f</screen></listitem>
+            <listitem><para>To view all messages since last midnight till <literal>3:20am</literal>:</para>
+              <screen>&prompt.sudo;journalctl --since "today" --until "3:20"</screen></listitem>
+          </itemizedlist>
+        </step>
+        <step><para>Filter logs based on fields</para>
+          <para>You can filter the output of the journal by specific fields. The syntax of a field to be matched is <literal>FIELD_NAME=MATCHED_VALUE</literal>, such
+    as <literal>_SYSTEMD_UNIT=httpd.service</literal>. You can specify multiple matches in a single query to filter the output messages even more. See
+    <command>man 7 systemd.journal-fields</command> for a list of default fields.</para>
+          <itemizedlist>
+            <listitem>
+              <para>To view messages produced by a specific process ID, for example <literal>PID_1039</literal>:</para>
+<screen>&prompt.sudo;journalctl _PID=1039</screen></listitem>
+            <listitem><para>To view messages belonging to a specific user ID, for example <literal>UID_1000</literal>:</para>
+              <screen># journalctl _UID=1000</screen></listitem>
+            <listitem><para>To view messages from the kernel ring buffer (the same as <command>dmesg</command> displays):</para>
+              <screen>&prompt.sudo;journalctl _TRANSPORT=kernel</screen></listitem>
+            <listitem><para>To view messages from the service's standard or error output:</para>
+              <screen>&prompt.sudo;journalctl _TRANSPORT=stdout</screen></listitem>
+            <listitem><para>To view messages produced by a specified service only:</para>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service</screen>
+              <para>If two different fields are specified, only entries that match both expressions at the same time are shown:</para>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1488</screen>
+              <para>If two matches refer to the same field, all entries matching either expression are shown:</para>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</screen>
+              <para>You can use the <literal>+</literal> separator to combine two expressions in a logical <literal>OR</literal>. The following example shows all messages from the Avahi service process with the process ID 1480 together with all messages from the D-Bus service:</para>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1480 + _SYSTEMD_UNIT=dbus.service</screen></listitem>
+            </itemizedlist>
+    </step>
+</procedure>
 </topic>

From 65cdc6e6c8cc3ce9c682586ba52ed3d791cd1211 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Fri, 28 Nov 2025 22:44:05 +0530
Subject: [PATCH 23/32] Fixed validation errors.

---
 articles/journalctl.asm.xml     | 7 -------
 references/journalctl-usage.xml | 4 ++--
 2 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index 2248ad2c9..546964dfd 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -37,11 +37,9 @@ xmlns="http://docbook.org/ns/docbook">
 <structure renderas="article" xml:id="sles-journald">
 <merge>
 <title>Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></title>
-<title>Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></title>
 <!-- History -->
 <revhistory xml:id="rh-sles-journald">
 <revision><date>2025-11-26</date>
-<revision><date>2025-11-26</date>
 <revdescription>
 <para>
 Initial version
@@ -66,12 +64,10 @@ Initial version
 </meta>
 <!-- Social Media -->
 <meta name="title">Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></meta>
-<meta name="title">Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></meta>
 <meta name="description">
 How to view and manage &productnameshort; logs using <command>journalctl</command></meta>
 <!-- Search -->
 <meta name="social-descr">Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></meta>
-<meta name="social-descr">Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></meta>
 <!-- Task -->
 <meta name="task" its:translate="no">
 <phrase>Configuration</phrase>
@@ -111,7 +107,6 @@ You can view and analyze logs from <command>systemd-journald</command> using the
 <listitem>
 <para>
 This article is intended to provide a complete overview of tasks that can be performed using the <command>journalctl</command> command-line tool.
-This article is intended to provide a complete overview of tasks that can be performed using the <command>journalctl</command> command-line tool.
 </para>
 </listitem>
 </varlistentry>
@@ -136,7 +131,6 @@ You will be able to view your system logs using <command>journalctl</command>.
 <listitem>
 <para>
 You must have &sudo; privileges.
-You must have &sudo; privileges.
 </para>
 </listitem>
 </varlistentry>
@@ -147,7 +141,6 @@ You must have &sudo; privileges.
 <module renderas="section" resourceref="_journald-filter-journals"/>
 <module renderas="section" resourceref="_journalctl-usage"/>
 <module renderas="section" resourceref="_journald-configure"/>
-<module renderas="section" resourceref="_journalctl-usage"/>
 <module renderas="section" resourceref="_systemd-journald-troubleshooting"/>
 <module resourceref="_legal"/>
 <module resourceref="_gfdl">
diff --git a/references/journalctl-usage.xml b/references/journalctl-usage.xml
index a4997344f..57f1869af 100644
--- a/references/journalctl-usage.xml
+++ b/references/journalctl-usage.xml
@@ -9,7 +9,7 @@
 <!-- refer to README.md for file and id naming conventions -->
 <!-- metadata is dealt with on the assembly level -->
 
-<topic xml:id="journalctl-usage"
+<topic xml:id="journald-journalctl-usage"
  role="reference" xml:lang="en"
  xmlns="http://docbook.org/ns/docbook" version="5.2"
  xmlns:its="http://www.w3.org/2005/11/its"
@@ -30,7 +30,7 @@
  <para>
    You can run the <command>journalctl</command>:
   </para>
-   <section xml:id="sec-journalctl-usage">
+   <section>
   <title>Use <command>journalctl</command></title>
   <para>
    Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.

From b74a66e0d961a811f8e7a9743ba67a60caa2ce92 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Tue, 2 Dec 2025 12:55:43 +0530
Subject: [PATCH 24/32] Fixed comments from JanaH.

---
 tasks/systemd-journald-troubleshooting.xml | 25 +++++++++++++---------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/tasks/systemd-journald-troubleshooting.xml b/tasks/systemd-journald-troubleshooting.xml
index ff0b47542..66d1b8327 100644
--- a/tasks/systemd-journald-troubleshooting.xml
+++ b/tasks/systemd-journald-troubleshooting.xml
@@ -27,14 +27,19 @@ in the assembly -->
       </abstract>
   </info>
 <procedure>
-  <title>Troubleshoot <command>journalctl</command> errors</title>
-  <step><para>Identify the severity and content of the error.The errors are marked with priority level:</para>
+  <title>View &systemd; errors</title>
+  <step><para>View the list of failed &systemd; units:</para>
+  <screen>systemctl --failed</screen>
+<para>The list of all failed services appear.</step>
+  <step><para>Identify the severity and content of the error.</para>
+    <screen>journalctl -p 0..7 -b</screen>
+    <para>The list of errors with priority level <literal>0 to 7 appears. The errors are marked with priority level:</para>
 <itemizedlist><listitem><para><guimenu>0-2</guimenu>: <command>emerg, alert, crit</command>: Critical issues, system collapse imminent.</para></listitem>
   <listitem><para><guimenu>3</guimenu>: <command>err (Error)</command>: A service or application failed to complete a requested operation.</para></listitem>
    <listitem><para><guimenu>4</guimenu>: <command>warning </command>: Something undesirable happened but is not an immediate failure.</para></listitem>
  <listitem><para><guimenu>5-7</guimenu>: <command>notice, info, debug</command>: Normal operational information and developer diagnostics.</para></listitem></itemizedlist>
 </step>
-<step><para>Identify the failing unit using the following command:</para>
+<step><para>View the error log for the failing service using the following command:</para>
 <screen>journalctl -u &lt;failing_service_name&gt;</screen>
 <para>The lines preceding the termination message includes information on the error.</para>
 <itemizedlist><listitem><para><guimenu>Exit Status</guimenu>: f a service stops, look for a message like Process xxx exited with status 1/FAILURE. A status of 0 is success. Any non-zero status indicates an error. </para></listitem>
@@ -43,26 +48,26 @@ in the assembly -->
  </itemizedlist></step>
 <step><para>Use detailed views of logs to get detailed information on the error.</para>
 <screen>journalctl -xe</screen>
-<para>To view all messages from the Apache service during the current boot, with detailed explanations, run the following command:</para>
+<para>For example, to view all messages from the Apache service during the current boot, with detailed explanations, run the following command:</para>
 <screen>journalctl -u httpd.service -b -xe</screen></step>
 </procedure>
 <section>
-  <title>Troubleshoot apache2 error</title>
+  <title>Troubleshoot &systemd; error</title>
 <procedure>
     <para>
-   This section introduces a simple example to illustrate how to find and fix
+   This section introduces an example to illustrate how to find and fix
    the error reported by &systemd; during <command>apache2</command> start-up.
   </para>
     <step>
     <para>
-     Try to start the apache2 service:
+     Start the apache2 service:
     </para>
-<screen># systemctl start apache2
+<screen>systemctl start apache2
 Job for apache2.service failed. See 'systemctl status apache2' and 'journalctl -xn' for details.</screen>
    </step>
    <step>
     <para>
-     Let us see what the service's status says:
+     View the service status:
     </para>
 <screen>&prompt.sudo;systemctl status apache2
 apache2.service - The Apache Webserver
@@ -76,7 +81,7 @@ apache2.service - The Apache Webserver
    </step>
    <step>
     <para>
-     Show the verbose version of messages related to process ID 11026:
+     View the verbose version of messages related to process ID 11026:
     </para>
 <screen>&prompt.sudo;journalctl -o verbose _PID=11026
 [...]

From cfcb6acdef62ea0f8188edcc6e102fa1c8228beb Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Tue, 2 Dec 2025 13:04:28 +0530
Subject: [PATCH 25/32] Fixed comments from JanaH.

---
 tasks/systemd-journald-troubleshooting.xml | 47 +++++++++-------------
 1 file changed, 19 insertions(+), 28 deletions(-)

diff --git a/tasks/systemd-journald-troubleshooting.xml b/tasks/systemd-journald-troubleshooting.xml
index 66d1b8327..2610df1a9 100644
--- a/tasks/systemd-journald-troubleshooting.xml
+++ b/tasks/systemd-journald-troubleshooting.xml
@@ -30,22 +30,27 @@ in the assembly -->
   <title>View &systemd; errors</title>
   <step><para>View the list of failed &systemd; units:</para>
   <screen>systemctl --failed</screen>
-<para>The list of all failed services appear.</step>
+<para>The list of all failed services appear.</para></step>
   <step><para>Identify the severity and content of the error.</para>
     <screen>journalctl -p 0..7 -b</screen>
-    <para>The list of errors with priority level <literal>0 to 7 appears. The errors are marked with priority level:</para>
-<itemizedlist><listitem><para><guimenu>0-2</guimenu>: <command>emerg, alert, crit</command>: Critical issues, system collapse imminent.</para></listitem>
+    <para>The list of errors with priority level <literal>0 to 7</literal> appears. The errors are marked with priority level:
+    </para>
+    <itemizedlist>
+  <listitem><para><guimenu>0-2</guimenu>: <command>emerg, alert, crit</command>: Critical issues, system collapse imminent.</para></listitem>
   <listitem><para><guimenu>3</guimenu>: <command>err (Error)</command>: A service or application failed to complete a requested operation.</para></listitem>
-   <listitem><para><guimenu>4</guimenu>: <command>warning </command>: Something undesirable happened but is not an immediate failure.</para></listitem>
- <listitem><para><guimenu>5-7</guimenu>: <command>notice, info, debug</command>: Normal operational information and developer diagnostics.</para></listitem></itemizedlist>
+  <listitem><para><guimenu>4</guimenu>: <command>warning </command>: Something undesirable happened but is not an immediate failure.</para></listitem>
+  <listitem><para><guimenu>5-7</guimenu>: <command>notice, info, debug</command>: Normal operational information and developer diagnostics.</para></listitem>
+</itemizedlist>
 </step>
 <step><para>View the error log for the failing service using the following command:</para>
 <screen>journalctl -u &lt;failing_service_name&gt;</screen>
 <para>The lines preceding the termination message includes information on the error.</para>
-<itemizedlist><listitem><para><guimenu>Exit Status</guimenu>: f a service stops, look for a message like Process xxx exited with status 1/FAILURE. A status of 0 is success. Any non-zero status indicates an error. </para></listitem>
+<itemizedlist>
+  <listitem><para><guimenu>Exit Status</guimenu>: f a service stops, look for a message like Process xxx exited with status 1/FAILURE. A status of 0 is success. Any non-zero status indicates an error. </para></listitem>
   <listitem><para><guimenu>Configuration Errors</guimenu>: Messages containing phrases like No such file or directory, Permission denied, or Address already in use usually point to a problem in the service's configuration file</para></listitem>
-   <listitem><para><guimenu>Out-of-Memory (OOM)</guimenu>: Out-of-Memory (OOM)</para></listitem>
- </itemizedlist></step>
+  <listitem><para><guimenu>Out-of-Memory (OOM)</guimenu>: Out-of-Memory (OOM)</para></listitem>
+ </itemizedlist>
+</step>
 <step><para>Use detailed views of logs to get detailed information on the error.</para>
 <screen>journalctl -xe</screen>
 <para>For example, to view all messages from the Apache service during the current boot, with detailed explanations, run the following command:</para>
@@ -56,33 +61,23 @@ in the assembly -->
 <procedure>
     <para>
    This section introduces an example to illustrate how to find and fix
-   the error reported by &systemd; during <command>apache2</command> start-up.
-  </para>
+   the error reported by &systemd; during <command>apache2</command> start-up.</para>
     <step>
-    <para>
-     Start the apache2 service:
-    </para>
+    <para>Start the apache2 service:</para>
 <screen>systemctl start apache2
 Job for apache2.service failed. See 'systemctl status apache2' and 'journalctl -xn' for details.</screen>
    </step>
-   <step>
-    <para>
-     View the service status:
-    </para>
+   <step><para>View the service status:</para>
 <screen>&prompt.sudo;systemctl status apache2
 apache2.service - The Apache Webserver
    Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)
    Active: failed (Result: exit-code) since Tue 2025-09-03 11:08:13 EDT; 7min ago
   Process: 11026 ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND \
            -k graceful-stop (code=exited, status=1/FAILURE)</screen>
-    <para>
-     The ID of the process causing the failure is 11026.
-    </para>
+    <para>The ID of the process causing the failure is 11026.</para>
    </step>
    <step>
-    <para>
-     View the verbose version of messages related to process ID 11026:
-    </para>
+    <para>View the verbose version of messages related to process ID 11026:</para>
 <screen>&prompt.sudo;journalctl -o verbose _PID=11026
 [...]
 MESSAGE=AH00526: Syntax error on line 6 of /etc/apache2/default-server.conf:
@@ -90,11 +85,7 @@ MESSAGE=AH00526: Syntax error on line 6 of /etc/apache2/default-server.conf:
 MESSAGE=Invalid command 'DocumenttRoot', perhaps misspelled or defined by a module
 [...]</screen>
    </step>
-   <step>
-    <para>
-     Fix the typo inside <filename>/etc/apache2/default-server.conf</filename>,
-     start the apache2 service, and print its status:
-    </para>
+   <step><para>Fix the typo inside <filename>/etc/apache2/default-server.conf</filename>, start the apache2 service, and print its status:</para>
 <screen>&prompt.sudo;systemctl start apache2 &amp;&amp; systemctl status apache2
 apache2.service - The Apache Webserver
    Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)

From 2c061b591c5050c5cd69b4eeae8e9790c223a3da Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Tue, 2 Dec 2025 13:10:37 +0530
Subject: [PATCH 26/32] Fixed comments from JanaH.

---
 tasks/systemd-journald-troubleshooting.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tasks/systemd-journald-troubleshooting.xml b/tasks/systemd-journald-troubleshooting.xml
index 2610df1a9..ef6d25296 100644
--- a/tasks/systemd-journald-troubleshooting.xml
+++ b/tasks/systemd-journald-troubleshooting.xml
@@ -26,8 +26,8 @@ in the assembly -->
   </para>
       </abstract>
   </info>
+  <section><title>View &systemd; errors</title>
 <procedure>
-  <title>View &systemd; errors</title>
   <step><para>View the list of failed &systemd; units:</para>
   <screen>systemctl --failed</screen>
 <para>The list of all failed services appear.</para></step>
@@ -56,6 +56,7 @@ in the assembly -->
 <para>For example, to view all messages from the Apache service during the current boot, with detailed explanations, run the following command:</para>
 <screen>journalctl -u httpd.service -b -xe</screen></step>
 </procedure>
+</section>
 <section>
   <title>Troubleshoot &systemd; error</title>
 <procedure>

From 7fceb5bfdc7ca2b157829258ca34210ddde66be0 Mon Sep 17 00:00:00 2001
From: Shalaka Harne <shalaka.harne@suse.com>
Date: Tue, 2 Dec 2025 12:55:43 +0530
Subject: [PATCH 27/32] Fixed comments from JanaH.

---
 tasks/systemd-journald-troubleshooting.xml | 63 +++++++++++-----------
 1 file changed, 30 insertions(+), 33 deletions(-)

diff --git a/tasks/systemd-journald-troubleshooting.xml b/tasks/systemd-journald-troubleshooting.xml
index ff0b47542..ef6d25296 100644
--- a/tasks/systemd-journald-troubleshooting.xml
+++ b/tasks/systemd-journald-troubleshooting.xml
@@ -26,58 +26,59 @@ in the assembly -->
   </para>
       </abstract>
   </info>
+  <section><title>View &systemd; errors</title>
 <procedure>
-  <title>Troubleshoot <command>journalctl</command> errors</title>
-  <step><para>Identify the severity and content of the error.The errors are marked with priority level:</para>
-<itemizedlist><listitem><para><guimenu>0-2</guimenu>: <command>emerg, alert, crit</command>: Critical issues, system collapse imminent.</para></listitem>
+  <step><para>View the list of failed &systemd; units:</para>
+  <screen>systemctl --failed</screen>
+<para>The list of all failed services appear.</para></step>
+  <step><para>Identify the severity and content of the error.</para>
+    <screen>journalctl -p 0..7 -b</screen>
+    <para>The list of errors with priority level <literal>0 to 7</literal> appears. The errors are marked with priority level:
+    </para>
+    <itemizedlist>
+  <listitem><para><guimenu>0-2</guimenu>: <command>emerg, alert, crit</command>: Critical issues, system collapse imminent.</para></listitem>
   <listitem><para><guimenu>3</guimenu>: <command>err (Error)</command>: A service or application failed to complete a requested operation.</para></listitem>
-   <listitem><para><guimenu>4</guimenu>: <command>warning </command>: Something undesirable happened but is not an immediate failure.</para></listitem>
- <listitem><para><guimenu>5-7</guimenu>: <command>notice, info, debug</command>: Normal operational information and developer diagnostics.</para></listitem></itemizedlist>
+  <listitem><para><guimenu>4</guimenu>: <command>warning </command>: Something undesirable happened but is not an immediate failure.</para></listitem>
+  <listitem><para><guimenu>5-7</guimenu>: <command>notice, info, debug</command>: Normal operational information and developer diagnostics.</para></listitem>
+</itemizedlist>
 </step>
-<step><para>Identify the failing unit using the following command:</para>
+<step><para>View the error log for the failing service using the following command:</para>
 <screen>journalctl -u &lt;failing_service_name&gt;</screen>
 <para>The lines preceding the termination message includes information on the error.</para>
-<itemizedlist><listitem><para><guimenu>Exit Status</guimenu>: f a service stops, look for a message like Process xxx exited with status 1/FAILURE. A status of 0 is success. Any non-zero status indicates an error. </para></listitem>
+<itemizedlist>
+  <listitem><para><guimenu>Exit Status</guimenu>: f a service stops, look for a message like Process xxx exited with status 1/FAILURE. A status of 0 is success. Any non-zero status indicates an error. </para></listitem>
   <listitem><para><guimenu>Configuration Errors</guimenu>: Messages containing phrases like No such file or directory, Permission denied, or Address already in use usually point to a problem in the service's configuration file</para></listitem>
-   <listitem><para><guimenu>Out-of-Memory (OOM)</guimenu>: Out-of-Memory (OOM)</para></listitem>
- </itemizedlist></step>
+  <listitem><para><guimenu>Out-of-Memory (OOM)</guimenu>: Out-of-Memory (OOM)</para></listitem>
+ </itemizedlist>
+</step>
 <step><para>Use detailed views of logs to get detailed information on the error.</para>
 <screen>journalctl -xe</screen>
-<para>To view all messages from the Apache service during the current boot, with detailed explanations, run the following command:</para>
+<para>For example, to view all messages from the Apache service during the current boot, with detailed explanations, run the following command:</para>
 <screen>journalctl -u httpd.service -b -xe</screen></step>
 </procedure>
+</section>
 <section>
-  <title>Troubleshoot apache2 error</title>
+  <title>Troubleshoot &systemd; error</title>
 <procedure>
     <para>
-   This section introduces a simple example to illustrate how to find and fix
-   the error reported by &systemd; during <command>apache2</command> start-up.
-  </para>
+   This section introduces an example to illustrate how to find and fix
+   the error reported by &systemd; during <command>apache2</command> start-up.</para>
     <step>
-    <para>
-     Try to start the apache2 service:
-    </para>
-<screen># systemctl start apache2
+    <para>Start the apache2 service:</para>
+<screen>systemctl start apache2
 Job for apache2.service failed. See 'systemctl status apache2' and 'journalctl -xn' for details.</screen>
    </step>
-   <step>
-    <para>
-     Let us see what the service's status says:
-    </para>
+   <step><para>View the service status:</para>
 <screen>&prompt.sudo;systemctl status apache2
 apache2.service - The Apache Webserver
    Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)
    Active: failed (Result: exit-code) since Tue 2025-09-03 11:08:13 EDT; 7min ago
   Process: 11026 ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND \
            -k graceful-stop (code=exited, status=1/FAILURE)</screen>
-    <para>
-     The ID of the process causing the failure is 11026.
-    </para>
+    <para>The ID of the process causing the failure is 11026.</para>
    </step>
    <step>
-    <para>
-     Show the verbose version of messages related to process ID 11026:
-    </para>
+    <para>View the verbose version of messages related to process ID 11026:</para>
 <screen>&prompt.sudo;journalctl -o verbose _PID=11026
 [...]
 MESSAGE=AH00526: Syntax error on line 6 of /etc/apache2/default-server.conf:
@@ -85,11 +86,7 @@ MESSAGE=AH00526: Syntax error on line 6 of /etc/apache2/default-server.conf:
 MESSAGE=Invalid command 'DocumenttRoot', perhaps misspelled or defined by a module
 [...]</screen>
    </step>
-   <step>
-    <para>
-     Fix the typo inside <filename>/etc/apache2/default-server.conf</filename>,
-     start the apache2 service, and print its status:
-    </para>
+   <step><para>Fix the typo inside <filename>/etc/apache2/default-server.conf</filename>, start the apache2 service, and print its status:</para>
 <screen>&prompt.sudo;systemctl start apache2 &amp;&amp; systemctl status apache2
 apache2.service - The Apache Webserver
    Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)

From 3d679d1c2b049f495257e3d448c1d8fc0c4fc553 Mon Sep 17 00:00:00 2001
From: Jana Halackova <jsindelarova@suse.com>
Date: Thu, 4 Dec 2025 16:57:04 +0100
Subject: [PATCH 28/32] Added first batch of changes.

---
 articles/journalctl.asm.xml         |  6 ++--
 concepts/journal-about-journald.xml | 15 ++++++++--
 concepts/journal-structure.xml      | 45 +++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+), 4 deletions(-)
 create mode 100644 concepts/journal-structure.xml

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index 546964dfd..632bc2872 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -137,10 +137,12 @@ You must have &sudo; privileges.
 </variablelist>
 </abstract>
 </merge>
-<module renderas="section" resourceref="_journal-about-journald"/>
+<module renderas="section" resourceref="_journal-about-journald">
+  <module renderas="section" resourceref="_journald-configure"/>
+  </module>
 <module renderas="section" resourceref="_journald-filter-journals"/>
 <module renderas="section" resourceref="_journalctl-usage"/>
-<module renderas="section" resourceref="_journald-configure"/>
+
 <module renderas="section" resourceref="_systemd-journald-troubleshooting"/>
 <module resourceref="_legal"/>
 <module resourceref="_gfdl">
diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index 657c67ef7..4b9549cf4 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -16,11 +16,22 @@
  xmlns:xlink="http://www.w3.org/1999/xlink"
  xmlns:trans="http://docbook.org/ns/transclusion">
   <info>
-    <title>About journald</title>
+    <title>About <literal>journald</literal></title>
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract>
       <para>
-        <command>systemd</command> uses <command>journald</command> as its logging system. The <command>systemd-journald</command> service is enabled by default.</para>
+        <command>journald</command> is a &systemd; service responsible for collecting, indexing, and storing log data. The collected events include  kernel messages, initrd (initial RAM disk) messages,
+        service startup/shutdown, application events, and authentication and session data.
+      </para>
+    </abstract>   
+  </info>
+  <para>
+    On &productname; the <literal>systemd-journald</literal> service is enabled and started by
+    default. The service logs the data into the journal described in <xref linkend="journal-what-it-is"./>
+    </para>
+        
+        
+        as its logging system. The <command>systemd-journald</command> service is enabled by default.</para>
     <para>All system events are written to the journal, a system service managed by <command>systemd-journald</command> service. This allows you to search and manage all system logs. It collects and stores logging data by maintaining structured indexed journals based on logging information received from the kernel, user processes, standard input, and system service errors. The journal records nearly every type of event generated on the system, including kernel messages, initrd (initial RAM disk) messages, service startup/shutdown, application events, and authentication and session data. Journal allows centralization and unification of logs from all sources, and it records events in structured manner which in turn helps identifying errors and in crash recovery.</para>
    <para><command>journalctl</command> is the command-line tool to view and analyze the logs from the <command>systemd-journald</command> service.</para></abstract>
   
diff --git a/concepts/journal-structure.xml b/concepts/journal-structure.xml
new file mode 100644
index 000000000..5f26e3d17
--- /dev/null
+++ b/concepts/journal-structure.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- This file originates from the project https://github.com/openSUSE/doc-kit -->
+<!-- This file can be edited downstream. -->
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="journal-what-it-is"
+ role="concept" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>About journal</title><!-- can be changed via merge in the assembly -->
+    <!--add author's email address-->
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract><!-- can be changed via merge in the assembly -->
+      <para>
+       Journal is a  centralization and unification of logs from all sources, and it stores events in structured manner which in turn helps identifying errors and in crash recovery.
+      </para>
+    </abstract>
+  </info>
+  <section xml:id="journal-what-it-is-location">
+    <title>Where can I find the journal?</title>
+    <para>
+      By default, <literal>journald</literal> stores the collected data in the volatile memory in
+      <filename>/run/log/journal</filename>, so after reboot the data is lost.
+    </para>
+  </section>
+  <section xml:id="journal-what-it-is-structure">
+    <title>The structure of the journal</title>
+    <para>
+      A paragraph of text, answering the question above and explaining the
+      mechanism behind foo bar.
+    </para>
+    
+  </section>
+</topic>

From fbb2bac184b7ef7ec03f9f407d6e1ad0bb966d6c Mon Sep 17 00:00:00 2001
From: Jana Halackova <jsindelarova@suse.com>
Date: Fri, 5 Dec 2025 16:26:16 +0100
Subject: [PATCH 29/32] Changed the journal section.

---
 concepts/journal-about-journald.xml |  55 +-------------
 concepts/journal-structure.xml      | 114 +++++++++++++++++++++++++++-
 2 files changed, 114 insertions(+), 55 deletions(-)

diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index 4b9549cf4..7542a0c36 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -27,55 +27,8 @@
   </info>
   <para>
     On &productname; the <literal>systemd-journald</literal> service is enabled and started by
-    default. The service logs the data into the journal described in <xref linkend="journal-what-it-is"./>
-    </para>
-        
-        
-        as its logging system. The <command>systemd-journald</command> service is enabled by default.</para>
-    <para>All system events are written to the journal, a system service managed by <command>systemd-journald</command> service. This allows you to search and manage all system logs. It collects and stores logging data by maintaining structured indexed journals based on logging information received from the kernel, user processes, standard input, and system service errors. The journal records nearly every type of event generated on the system, including kernel messages, initrd (initial RAM disk) messages, service startup/shutdown, application events, and authentication and session data. Journal allows centralization and unification of logs from all sources, and it records events in structured manner which in turn helps identifying errors and in crash recovery.</para>
-   <para><command>journalctl</command> is the command-line tool to view and analyze the logs from the <command>systemd-journald</command> service.</para></abstract>
-  
-   </info>
-   <section><title>Understanding <command>journalctl</command> configuration and structure</title>
-  <para>
-   This section describes the <command>journalctl</command> location, configuring the location for persistent logs, and the <command>journalctl</command> entry structure.
-  </para>
-<itemizedlist>
-<listitem><para>Verify the logs location:</para>
-<screen>&prompt.sudo; ls /var/log/journal
-&prompt.sudo; ls /run/log/journal
-</screen>
-  <para>The <command>journald</command> command collects log data from several sources simultaneously logs and are then managed in a structured, binary format within files in <filename>/run/log/journal/</filename> by default. Because the <filename>/run/ directory</filename> is volatile by nature, log data is lost at reboot. To make the log data persistent, create a directory <filename>/var/log/journal/</filename> so the <command>systemd-journald</command> service can store its data. To switch to persistent logging across reboots, create <filename>/var/log/journal</filename>:</para>
-  <screen>&prompt.sudo;  mkdir /var/log/journal
-&prompt.sudo;  systemd-tmpfiles --create --prefix=/var/log/journal
-&prompt.sudo;  journalctl --flush</screen>
-<para>All log data stored in <filename>/run/log/journal/</filename> are flushed into <filename>/var/log/journal/</filename>.</para>
-</listitem>
-<listitem><para>View the journal entry structure:</para>
-<screen>&prompt.sudo; journalctl -n 1 -o verbose</screen>
-<para>Log entry in the journal is a data structure containing the log message and  metadata fields:</para>
-<itemizedlist><listitem><para>Timestamp: The exact time the event occurred.</para></listitem>
-<listitem><para>Source Fields</para>
-<itemizedlist>
-  <listitem><para>_PID: Process ID of the sender.</para></listitem>
-  <listitem><para>_UID/_GID: User/Group ID of the sender.</para></listitem>
-  <listitem><para>_EXE: Path to the executable.</para></listitem>
-  <listitem><para>_COMM: Name of the executable.</para></listitem>
-</itemizedlist>
-</listitem>
-<listitem><para>System Fields</para>
-<itemizedlist>
-  <listitem><para>_SYSTEMD_UNIT: The systemd unit (service) that generated the log (e.g., sshd.service).</para></listitem>
-  <listitem><para>_BOOT_ID: A unique identifier for the specific system boot session.</para></listitem>
-</itemizedlist>
-</listitem>
-<listitem><para>Kernel Fields</para>
-<itemizedlist>
-  <listitem><para>_TRANSPORT: How the message was logged (e.g., kernel, syslog, stdout).</para></listitem>
-</itemizedlist>
-</listitem><listitem><para>Priority level: A numeric value indicating the severity of the message (0=emerg, 7=debug).</para></listitem>
-</itemizedlist>
-</listitem>
-</itemizedlist>
-</section>
+    default. The service logs the data into the journal described in <xref linkend="journal-what-it-is"/>.
+    </para>        
+      
+
 </topic>
diff --git a/concepts/journal-structure.xml b/concepts/journal-structure.xml
index 5f26e3d17..742670914 100644
--- a/concepts/journal-structure.xml
+++ b/concepts/journal-structure.xml
@@ -23,7 +23,7 @@
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract><!-- can be changed via merge in the assembly -->
       <para>
-       Journal is a  centralization and unification of logs from all sources, and it stores events in structured manner which in turn helps identifying errors and in crash recovery.
+       Journal is a centralization and unification of logs from all sources, and it stores events in structured manner which in turn helps identifying errors and in crash recovery.
       </para>
     </abstract>
   </info>
@@ -33,13 +33,119 @@
       By default, <literal>journald</literal> stores the collected data in the volatile memory in
       <filename>/run/log/journal</filename>, so after reboot the data is lost.
     </para>
+    <para>
+      If <literal>systemd-journald</literal> is configured to store the logs in a persistent
+      manner, you can find the journal in <filename>/var/log/journal</filename>. Ensure that the
+      directoy exists:
+    </para>
+    <procedure>
+      <step>
+        <para>
+          Check if the directory exist:
+        </para>
+          <screen>&prompt.sudo;<command>ls /var/log</command>
+...        
+journal                             
+...
+
+          </screen>
+        
+      </step>
+      <step>
+        <para>If the <filename>/var/log/journal</filename> directory does not exist, create
+        it:</para>
+        <screen>&prompt.sudo;<command>mkdir /var/log/journal</command>     
+        </screen>
+      </step>
+      <step>
+        <para>
+          Set correct ownership and access perimissions:
+        </para>
+        <screen>&prompt.sudo;  systemd-tmpfiles --create --prefix=/var/log/journal</screen>
+      </step>
+      <step performance="optional">
+        <para>
+          To flush the data from RAM to the directory:
+        </para>
+        <screen>&prompt.sudo;  <command>journalctl --flush</command></screen>
+      </step>
+    </procedure>
+    <para>For details about
+      the service configuration, refer to <xref linkend="journal-configure-journald"/>.
+    </para>
   </section>
   <section xml:id="journal-what-it-is-structure">
-    <title>The structure of the journal</title>
+    <title>The journal logs structure</title>
     <para>
-      A paragraph of text, answering the question above and explaining the
-      mechanism behind foo bar.
+      The logs are stored in binary format across several files. To view the structure of a log
+      entry, proceed as follows:
     </para>
+    <screen>&prompt.sudo; <command>journalctl -n 1 -o verbose</command>
     
+    Fri 2025-12-05 10:52:53.284321 CET [s=5b7ae2e926794210bf832d014f5f560a;i=d49752&gt;
+    _UID=1000
+    _AUDIT_SESSION=3
+    _AUDIT_LOGINUID=1000
+    _SYSTEMD_OWNER_UID=1000
+    _SYSTEMD_UNIT=user@1000.service
+    _SYSTEMD_SLICE=user-1000.slice
+    _MACHINE_ID=d3489468c8534c5d81a2860cf9a2a20e
+    _RUNTIME_SCOPE=system
+    _SELINUX_CONTEXT=unconfined
+    PRIORITY=6
+    _TRANSPORT=syslog
+    _BOOT_ID=d095069bd59b4bc4bf67c8c71999243b
+   SYSLOG_IDENTIFIER=sudo
+    SYSLOG_TIMESTAMP=Dec  5 10:52:53 
+    _PID=25806
+    _COMM=sudo
+    _EXE=/usr/bin/sudo
+    _CMDLINE=sudo journalctl -n 1 -o verbose
+
+    ...
+    </screen>
+    <para>The log entry is a data structure containing the log message and metadata fields:</para>
+    <variablelist>
+      <varlistentry>
+        <term>Timestamp</term>
+        <listitem>
+          <para>
+The exact time the event occured
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>Source Fields</term>
+        <listitem>
+          
+            <itemizedlist>
+  <listitem><para><literal>_PID</literal>: process ID of the sender</para></listitem>
+  <listitem><para><literal>_UID/_GID</literal>: User/Group ID of the sender</para></listitem>
+  <listitem><para><literal>_EXE</literal>: path to the executable</para></listitem>
+  <listitem><para><literal>_COMM</literal>: name of the executable</para></listitem>
+</itemizedlist>          
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>System Fields</term>
+        <listitem>
+          <itemizedlist>
+  <listitem><para><literal>_SYSTEMD_UNIT</literal>: The systemd unit (service) that generated the
+  log (for example, <literal>sshd.service</literal>)</para></listitem>
+  <listitem><para><literal>_BOOT_ID</literal>: A unique identifier for the specific system boot session</para></listitem>
+</itemizedlist>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>Kernel Fields</term>
+        <listitem><para><literal>_TRANSPORT</literal>: How the message was logged (e.g., kernel, syslog, stdout).</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>Priority level</term>
+        <listitem>
+          <para>A numeric value indicating the severity of the message (0=emerg, 7=debug)</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
   </section>
 </topic>

From 5d26a1a00af24b44643380f074778dd90d742951 Mon Sep 17 00:00:00 2001
From: Jana Halackova <jsindelarova@suse.com>
Date: Tue, 9 Dec 2025 08:43:45 +0100
Subject: [PATCH 30/32] Completed the article.

---
 articles/journalctl.asm.xml        |  9 +++-
 concepts/journactl-about.xml       | 38 +++++++++++++
 references/journalctl-usage.xml    | 32 ++++++-----
 tasks/journald-configure.xml       |  2 +-
 tasks/journald-filter-journals.xml | 87 +++++++++++++++---------------
 5 files changed, 108 insertions(+), 60 deletions(-)
 create mode 100644 concepts/journactl-about.xml

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index 632bc2872..ce591afb4 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -15,7 +15,9 @@ xmlns="http://docbook.org/ns/docbook">
 <!-- R E S O U R C E S -->
 <resources>
 <!-- concepts -->
-<resource href="../concepts/journal-about-journald.xml" xml:id="_journal-about-journald"/> 
+<resource href="../concepts/journal-about-journald.xml" xml:id="_journal-about-journald"/>
+ <resource href="../concepts/journal-structure.xml" xml:id="_journal-structure"/>
+ <resource href="../concepts/journactl-about.xml" xml:id="_journactl-about"/>
 <!-- glue -->
 <!-- tasks--> 
 <resource href="../tasks/journald-configure.xml" xml:id="_journald-configure"/> 
@@ -140,8 +142,11 @@ You must have &sudo; privileges.
 <module renderas="section" resourceref="_journal-about-journald">
   <module renderas="section" resourceref="_journald-configure"/>
   </module>
-<module renderas="section" resourceref="_journald-filter-journals"/>
+  <module renderas="section" resourceref="_journal-structure"/>
+<module renderas="section" resourceref="_journactl-about">
 <module renderas="section" resourceref="_journalctl-usage"/>
+</module>
+<module renderas="section" resourceref="_journald-filter-journals"/>
 
 <module renderas="section" resourceref="_systemd-journald-troubleshooting"/>
 <module resourceref="_legal"/>
diff --git a/concepts/journactl-about.xml b/concepts/journactl-about.xml
new file mode 100644
index 000000000..f5d1bf822
--- /dev/null
+++ b/concepts/journactl-about.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- This file originates from the project https://github.com/openSUSE/doc-kit -->
+<!-- This file can be edited downstream. -->
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="journald-about-journactl"
+ role="concept" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>The <command>journalctl</command> command</title><!-- can be changed via merge in the assembly -->
+    <!--add author's email address-->
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract><!-- can be changed via merge in the assembly -->
+      <para>
+<command>journalctl</command> is a command-line utility used to query and display logs collected by
+the <command>systemd-journald</command>.
+    </para>    
+    </abstract>
+  </info>
+  <para>
+    Because the logging system stores data in a binary format (for performance and security) rather
+    than plain text, you cannot use standard tools like <command>cat</command> or
+    <command>less</command> to open the files directly. So the <command>journalctl</command>
+    command decodes the data and displays it according to the provided parameters.
+  </para>
+  
+</topic>
diff --git a/references/journalctl-usage.xml b/references/journalctl-usage.xml
index 57f1869af..1f9ff7977 100644
--- a/references/journalctl-usage.xml
+++ b/references/journalctl-usage.xml
@@ -21,22 +21,20 @@
   <title>Using <command>journalctl</command></title>
   <abstract>
     <para>
-   Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
-  </para>
+This section describes the generic usage of the <command>journalctl</command> command.
+    </para>
+    
   </abstract>
   <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
  </info>
-
- <para>
-   You can run the <command>journalctl</command>:
-  </para>
-   <section>
-  <title>Use <command>journalctl</command></title>
-  <para>
+<para>
    Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
   </para>
-<para>Listed below are the common  useful options to enhance the default <command>journalctl</command> behavior. All switches are described in the <command>journalctl</command> man page, man 1 <command>journalctl</command>. </para>
-  <tip>
+ <para>
+   The general syntax of the <command>journalctl</command> command is as follows:
+  </para>
+   <screen>&prompt.sudo;<command>journalctl [OPTIONS...] [MATCHES...]</command></screen>
+   <tip>
    <title>Messages related to a specific executable</title>
    <para>
     To show all journal messages related to a specific executable, specify the
@@ -44,6 +42,10 @@
    </para>
 <screen>&prompt.sudo;journalctl /usr/lib/systemd/systemd</screen>
   </tip>
+  <para>
+   Running the command without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like <command>less</command>) for easy navigation.
+  </para>
+<para>Listed below are the common  useful options to enhance the default <command>journalctl</command> behavior:</para>  
   <variablelist>
    <varlistentry>
     <term>-f</term>
@@ -55,7 +57,7 @@
     </listitem>
    </varlistentry>
    <varlistentry>
-    <term/>
+    <term></term>
     <listitem>
      <para>
       Prints the messages and jumps to the end of the journal, so that the
@@ -93,6 +95,8 @@
     </listitem>
    </varlistentry>
   </variablelist>
-  <para/>
-</section>
+  <para>
+    For a complete list of options refer to man page, man 1 <command>journalctl</command>.
+  </para>
+
 </topic>
diff --git a/tasks/journald-configure.xml b/tasks/journald-configure.xml
index e173259f4..2ef46a909 100644
--- a/tasks/journald-configure.xml
+++ b/tasks/journald-configure.xml
@@ -92,7 +92,7 @@ TTYPath=/dev/tty12</screen>
         <itemizedlist>
           <listitem><para>Install rsyslog</para><screen>rpm -q rsyslog</screen></listitem>
           <listitem><para>Enable rsyslog</para><screen>systemctl is-enabled rsyslog</screen></listitem>
-          <listitem><para>Enable forwarding to rsyslog in  in <filename>/etc/systemd/journald.conf</filename></para><screen>ForwardToSyslog=yes</screen></listitem>
+          <listitem><para>Enable forwarding to rsyslog in <filename>/etc/systemd/journald.conf</filename></para><screen>ForwardToSyslog=yes</screen></listitem>
         </itemizedlist>
         <para>For more information on file description, see <command>man 5 journald.conf</command>.</para>
       </listitem>
diff --git a/tasks/journald-filter-journals.xml b/tasks/journald-filter-journals.xml
index 3ba4109ee..85f6285c3 100644
--- a/tasks/journald-filter-journals.xml
+++ b/tasks/journald-filter-journals.xml
@@ -28,61 +28,62 @@ in the assembly -->
   </para></abstract>
   </info>
   <para>
-    You can filter journals based on boot number, time interval, and fields.
+    You can filter journals based on boot number, time interval, and fields. For details refer to following sections.
   </para>
-    <procedure>
-      <title>Filtering journals</title>
-       <step><para>Filter logs based on specific system boot:</para>
-        <itemizedlist>
-          <listitem>
-            <para>List all the available boots:</para>
-              <screen>&prompt.sudo;journalctl --list-boots</screen>
-            <para>The first column lists the boot offset: <literal>0</literal> for the current boot, <literal>-1</literal> for the previous one,
+  <section xml:id="journal-filter-journals-boots">
+    <title>Filter logs based on specific system boot</title>
+    <para>
+      To list logs for all the available boots, run the command as follows:
+    </para>
+    <screen>&prompt.sudo;journalctl --list-boots</screen>
+    <para>The first column lists the boot offset: <literal>0</literal> for the current boot, <literal>-1</literal> for the previous one,
     <literal>-2</literal> for the one before that, etc. The second column contains the boot ID followed by the limiting time stamps of the specific
     boot.</para>
-          </listitem>
-          <listitem><para>Show all messages from the current boot:</para>
-            <screen>&prompt.sudo;journalctl -b</screen></listitem>
-          <listitem><para>To view journal messages from the previous boot, add an offset
+    <para>
+      To show all messages from the current boot:
+    </para>
+    <screen>&prompt.sudo;journalctl -b</screen>
+    <para>To view journal messages from the previous boot, add an offset
     parameter. The following example command shows the previous boot messages:</para>
-            <screen>&prompt.sudo;journalctl -b -1</screen></listitem>
-          <listitem><para>To view boot messages based on the boot ID, <literal>156019a44a774a0bb0148a92df4af81b</literal>:</para>
-            <screen>&prompt.sudo;journalctl _BOOT_ID=156019a44a774a0bb0148a92df4af81b</screen></listitem>
-  </itemizedlist></step>
-        <step><para>Filter logs based on time interval</para>
-              <para>You can filter the output of <command>journalctl</command> by specifying the starting and/or ending date. The date specification should be of the format<literal>YYYY-MM-DD H:MM:SS</literal>. If the time part is omitted, midnight is assumed. If seconds are omitted, <literal>:00</literal> is assumed. If the date part is omitted, the current day is assumed. Instead of numeric expression, you can specify the keywords <literal>yesterday</literal>,
-    <literal>today</literal> or <literal>tomorrow</literal>. They refer to midnight of the day before the current day, of the current day, or of the day after the current day. If you specify <literal>now</literal>, it refers to the current time. You can also specify relative times prefixed with <literal>-</literal> or <literal>+</literal>, referring to times before or after the current time.</para>
-          <itemizedlist>
-            <listitem>
+            <screen>&prompt.sudo;journalctl -b -1</screen>
+    <para>To view boot messages based on the boot ID, <literal>156019a44a774a0bb0148a92df4af81b</literal>:</para>
+    <screen>&prompt.sudo;journalctl _BOOT_ID=156019a44a774a0bb0148a92df4af81b</screen>
+  </section>
+  <section xml:id="journal-filter-journals-time">
+    <title>Filtering logs based on time interval</title>
+    <para>You can filter the output of <command>journalctl</command> by specifying the starting and/or ending date. The date specification should be of the format<literal>YYYY-MM-DD H:MM:SS</literal>. If the time part is omitted, midnight is assumed. If seconds are omitted, <literal>:00</literal> is assumed. If the date part is omitted, the current day is assumed. Instead of numeric expression, you can specify the keywords <literal>yesterday</literal>,
+    <literal>today</literal> or <literal>tomorrow</literal>. They refer to midnight of the day
+    before the current day, of the current day, or of the day after the current day. If you specify
+    <literal>now</literal>, it refers to the current time. You can also specify relative times
+    prefixed with <literal>-</literal> or <literal>+</literal>, referring to times before or after
+    the current time.</para>
+    
               <para>To view only new messages since now, and update the output continuously:</para>
-              <screen>&prompt.sudo;journalctl --since "now" -f</screen></listitem>
-            <listitem><para>To view all messages since last midnight till <literal>3:20am</literal>:</para>
-              <screen>&prompt.sudo;journalctl --since "today" --until "3:20"</screen></listitem>
-          </itemizedlist>
-        </step>
-        <step><para>Filter logs based on fields</para>
+              <screen>&prompt.sudo;journalctl --since "now" -f</screen>
+            <para>To view all messages since last midnight till <literal>3:20am</literal>:</para>
+              <screen>&prompt.sudo;journalctl --since "today" --until "3:20"</screen>
+  </section>
+  <section xml:id="journal-filter-journals-fields">
+    <title>Filtering logs based on fields</title> 
+        
           <para>You can filter the output of the journal by specific fields. The syntax of a field to be matched is <literal>FIELD_NAME=MATCHED_VALUE</literal>, such
     as <literal>_SYSTEMD_UNIT=httpd.service</literal>. You can specify multiple matches in a single query to filter the output messages even more. See
     <command>man 7 systemd.journal-fields</command> for a list of default fields.</para>
-          <itemizedlist>
-            <listitem>
-              <para>To view messages produced by a specific process ID, for example <literal>PID_1039</literal>:</para>
-<screen>&prompt.sudo;journalctl _PID=1039</screen></listitem>
-            <listitem><para>To view messages belonging to a specific user ID, for example <literal>UID_1000</literal>:</para>
-              <screen># journalctl _UID=1000</screen></listitem>
-            <listitem><para>To view messages from the kernel ring buffer (the same as <command>dmesg</command> displays):</para>
-              <screen>&prompt.sudo;journalctl _TRANSPORT=kernel</screen></listitem>
-            <listitem><para>To view messages from the service's standard or error output:</para>
-              <screen>&prompt.sudo;journalctl _TRANSPORT=stdout</screen></listitem>
-            <listitem><para>To view messages produced by a specified service only:</para>
+          
+              <para>To view messages produced by a specific process ID: <literal>PID_1039</literal>:</para>
+<screen>&prompt.sudo;journalctl _PID=1039</screen><para>To view messages belonging to a specific user ID: <literal>UID_1000</literal>:</para>
+              <screen>&prompt.sudo; journalctl _UID=1000</screen>
+            <para>To view messages from the kernel ring buffer (the same as <command>dmesg</command> displays):</para>
+              <screen>&prompt.sudo;journalctl _TRANSPORT=kernel</screen>
+            <para>To view messages from the service's standard or error output:</para>
+              <screen>&prompt.sudo;journalctl _TRANSPORT=stdout</screen>
+            <para>To view messages produced by a specified service only:</para>
               <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service</screen>
               <para>If two different fields are specified, only entries that match both expressions at the same time are shown:</para>
               <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1488</screen>
               <para>If two matches refer to the same field, all entries matching either expression are shown:</para>
               <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</screen>
               <para>You can use the <literal>+</literal> separator to combine two expressions in a logical <literal>OR</literal>. The following example shows all messages from the Avahi service process with the process ID 1480 together with all messages from the D-Bus service:</para>
-              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1480 + _SYSTEMD_UNIT=dbus.service</screen></listitem>
-            </itemizedlist>
-    </step>
-</procedure>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1480 + _SYSTEMD_UNIT=dbus.service</screen>
+</section>
 </topic>

From f234c650f07a996842944084d4d3ee61fea430ab Mon Sep 17 00:00:00 2001
From: Shalaka Harne <135588263+harneshalaka@users.noreply.github.com>
Date: Thu, 11 Dec 2025 21:16:50 +0530
Subject: [PATCH 31/32] Apply suggestions from code review

Fixed editorial comments.

Co-authored-by: Daria Vladykina <daria.vladykina@suse.com>
---
 articles/journalctl.asm.xml                |  6 +++---
 concepts/journactl-about.xml               |  2 +-
 concepts/journal-about-journald.xml        |  4 ++--
 concepts/journal-structure.xml             | 22 +++++++++++-----------
 references/journalctl-usage.xml            |  4 ++--
 tasks/journald-configure.xml               | 12 ++++++------
 tasks/journald-filter-journals.xml         | 14 +++++++-------
 tasks/systemd-journald-troubleshooting.xml | 17 +++++++++--------
 8 files changed, 41 insertions(+), 40 deletions(-)

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index ce591afb4..5d3b993c8 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -67,7 +67,7 @@ Initial version
 <!-- Social Media -->
 <meta name="title">Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></meta>
 <meta name="description">
-How to view and manage &productnameshort; logs using <command>journalctl</command></meta>
+Learn how to view and manage &productnameshort; logs using <command>journalctl</command></meta>
 <!-- Search -->
 <meta name="social-descr">Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></meta>
 <!-- Task -->
@@ -100,7 +100,7 @@ How to view and manage &productnameshort; logs using <command>journalctl</comman
 <term>WHAT?</term>
 <listitem>
 <para>
-You can view and analyze logs from <command>systemd-journald</command> using the <command>journalctl</command> command-line tool.
+View and analyze logs from <command>systemd-journald</command> using the <command>journalctl</command> command-line tool.
 </para>
 </listitem>
 </varlistentry>
@@ -108,7 +108,7 @@ You can view and analyze logs from <command>systemd-journald</command> using the
 <term>WHY?</term>
 <listitem>
 <para>
-This article is intended to provide a complete overview of tasks that can be performed using the <command>journalctl</command> command-line tool.
+This article provides a complete overview of tasks that can be performed using the <command>journalctl</command> command-line tool.
 </para>
 </listitem>
 </varlistentry>
diff --git a/concepts/journactl-about.xml b/concepts/journactl-about.xml
index f5d1bf822..84ed3672a 100644
--- a/concepts/journactl-about.xml
+++ b/concepts/journactl-about.xml
@@ -31,7 +31,7 @@ the <command>systemd-journald</command>.
   <para>
     Because the logging system stores data in a binary format (for performance and security) rather
     than plain text, you cannot use standard tools like <command>cat</command> or
-    <command>less</command> to open the files directly. So the <command>journalctl</command>
+    <command>less</command> to open the files directly. So, the <command>journalctl</command>
     command decodes the data and displays it according to the provided parameters.
   </para>
   
diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
index 7542a0c36..c014e17c2 100644
--- a/concepts/journal-about-journald.xml
+++ b/concepts/journal-about-journald.xml
@@ -16,7 +16,7 @@
  xmlns:xlink="http://www.w3.org/1999/xlink"
  xmlns:trans="http://docbook.org/ns/transclusion">
   <info>
-    <title>About <literal>journald</literal></title>
+    <title>The <command>systemd-journald</command> service</title>
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract>
       <para>
@@ -26,7 +26,7 @@
     </abstract>   
   </info>
   <para>
-    On &productname; the <literal>systemd-journald</literal> service is enabled and started by
+    On &productname;, the <literal>systemd-journald</literal> service is enabled and started by
     default. The service logs the data into the journal described in <xref linkend="journal-what-it-is"/>.
     </para>        
       
diff --git a/concepts/journal-structure.xml b/concepts/journal-structure.xml
index 742670914..536f7d58d 100644
--- a/concepts/journal-structure.xml
+++ b/concepts/journal-structure.xml
@@ -18,12 +18,12 @@
  xmlns:xlink="http://www.w3.org/1999/xlink"
  xmlns:trans="http://docbook.org/ns/transclusion">
   <info>
-    <title>About journal</title><!-- can be changed via merge in the assembly -->
+    <title>About the journal</title><!-- can be changed via merge in the assembly -->
     <!--add author's email address-->
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract><!-- can be changed via merge in the assembly -->
       <para>
-       Journal is a centralization and unification of logs from all sources, and it stores events in structured manner which in turn helps identifying errors and in crash recovery.
+      The journal is a centralized, unified storage system for log data from all sources. It stores events in a structured manner, which helps with error identification and crash recovery.
       </para>
     </abstract>
   </info>
@@ -35,8 +35,8 @@
     </para>
     <para>
       If <literal>systemd-journald</literal> is configured to store the logs in a persistent
-      manner, you can find the journal in <filename>/var/log/journal</filename>. Ensure that the
-      directoy exists:
+      manner, you can find the journal in <filename>/var/log/journal</filename>. See if the
+      directory is there:
     </para>
     <procedure>
       <step>
@@ -59,7 +59,7 @@ journal
       </step>
       <step>
         <para>
-          Set correct ownership and access perimissions:
+          Set the correct ownership and access permissions:
         </para>
         <screen>&prompt.sudo;  systemd-tmpfiles --create --prefix=/var/log/journal</screen>
       </step>
@@ -75,7 +75,7 @@ journal
     </para>
   </section>
   <section xml:id="journal-what-it-is-structure">
-    <title>The journal logs structure</title>
+    <title>The journal log structure</title>
     <para>
       The logs are stored in binary format across several files. To view the structure of a log
       entry, proceed as follows:
@@ -110,12 +110,12 @@ journal
         <term>Timestamp</term>
         <listitem>
           <para>
-The exact time the event occured
+The exact time the event occurred
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term>Source Fields</term>
+        <term>Source fields</term>
         <listitem>
           
             <itemizedlist>
@@ -127,7 +127,7 @@ The exact time the event occured
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term>System Fields</term>
+        <term>System fields</term>
         <listitem>
           <itemizedlist>
   <listitem><para><literal>_SYSTEMD_UNIT</literal>: The systemd unit (service) that generated the
@@ -137,8 +137,8 @@ The exact time the event occured
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term>Kernel Fields</term>
-        <listitem><para><literal>_TRANSPORT</literal>: How the message was logged (e.g., kernel, syslog, stdout).</para></listitem>
+        <term>Kernel fields</term>
+        <listitem><para><literal>_TRANSPORT</literal>: How the message was logged (e.g., kernel, syslog, stdout)</para></listitem>
       </varlistentry>
       <varlistentry>
         <term>Priority level</term>
diff --git a/references/journalctl-usage.xml b/references/journalctl-usage.xml
index 1f9ff7977..13638a9f3 100644
--- a/references/journalctl-usage.xml
+++ b/references/journalctl-usage.xml
@@ -28,7 +28,7 @@ This section describes the generic usage of the <command>journalctl</command> co
   <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
  </info>
 <para>
-   Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
+   Running <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like <command>less</command>) for easy navigation.
   </para>
  <para>
    The general syntax of the <command>journalctl</command> command is as follows:
@@ -43,7 +43,7 @@ This section describes the generic usage of the <command>journalctl</command> co
 <screen>&prompt.sudo;journalctl /usr/lib/systemd/systemd</screen>
   </tip>
   <para>
-   Running the command without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like <command>less</command>) for easy navigation.
+  
   </para>
 <para>Listed below are the common  useful options to enhance the default <command>journalctl</command> behavior:</para>  
   <variablelist>
diff --git a/tasks/journald-configure.xml b/tasks/journald-configure.xml
index 2ef46a909..83f34bb0d 100644
--- a/tasks/journald-configure.xml
+++ b/tasks/journald-configure.xml
@@ -76,7 +76,7 @@ ForwardToSyslog=yes</screen>
 &prompt.sudo; systemctl restart systemd-journald</screen>
       </listitem>
       <listitem>
-      <para>To limit logs rate to prevent flooding logs:</para>
+      <para>To limit the log rate to prevent flooding logs:</para>
         <screen>RateLimitIntervalSec=30s
 RateLimitBurst=1000</screen>
     </listitem>
@@ -88,13 +88,13 @@ RateLimitBurst=1000</screen>
 TTYPath=/dev/tty12</screen>
       </listitem>
       <listitem>
-        <para>To forward logs to syslog, modify <command>ForwardToSyslog=yes</command>.Journald is backward compatible with traditional syslog implementations such as rsyslog.</para>
+        <para>To forward logs to syslog, modify <command>ForwardToSyslog=yes</command>. <literal>journald</literal> is backward compatible with traditional syslog implementations such as rsyslog.</para>
         <itemizedlist>
-          <listitem><para>Install rsyslog</para><screen>rpm -q rsyslog</screen></listitem>
-          <listitem><para>Enable rsyslog</para><screen>systemctl is-enabled rsyslog</screen></listitem>
-          <listitem><para>Enable forwarding to rsyslog in <filename>/etc/systemd/journald.conf</filename></para><screen>ForwardToSyslog=yes</screen></listitem>
+          <listitem><para>Install rsyslog:</para><screen>rpm -q rsyslog</screen></listitem>
+          <listitem><para>Enable rsyslog:</para><screen>systemctl is-enabled rsyslog</screen></listitem>
+          <listitem><para>Enable forwarding to rsyslog in <filename>/etc/systemd/journald.conf</filename>:</para><screen>ForwardToSyslog=yes</screen></listitem>
         </itemizedlist>
-        <para>For more information on file description, see <command>man 5 journald.conf</command>.</para>
+        <para>For more information on file descriptions, see <command>man 5 journald.conf</command>.</para>
       </listitem>
     </itemizedlist>
     </step>
diff --git a/tasks/journald-filter-journals.xml b/tasks/journald-filter-journals.xml
index 85f6285c3..a6743dd7f 100644
--- a/tasks/journald-filter-journals.xml
+++ b/tasks/journald-filter-journals.xml
@@ -22,16 +22,16 @@ in the assembly -->
     <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
     <abstract><!-- can be changed via merge in the assembly -->
       <para>
-   This section describes how to refine the search in logs according to boot numbers, for specific time interval or to view specific data fields.
-   content of the journal, the oldest entries listed first. The output can be
-   filtered by specific switches and fields.
+   This section describes how to refine searches in logs, for example, by boot number,
+   by a specific time interval, or to view specific data fields. By default, the journal lists 
+   the oldest entries first. The output can be filtered using specific switches and fields.
   </para></abstract>
   </info>
   <para>
-    You can filter journals based on boot number, time interval, and fields. For details refer to following sections.
+    You can filter journals based on boot number, time interval, and fields. For details, refer to the following sections.
   </para>
   <section xml:id="journal-filter-journals-boots">
-    <title>Filter logs based on specific system boot</title>
+    <title>Filter logs based on a specific system boot</title>
     <para>
       To list logs for all the available boots, run the command as follows:
     </para>
@@ -51,7 +51,7 @@ in the assembly -->
   </section>
   <section xml:id="journal-filter-journals-time">
     <title>Filtering logs based on time interval</title>
-    <para>You can filter the output of <command>journalctl</command> by specifying the starting and/or ending date. The date specification should be of the format<literal>YYYY-MM-DD H:MM:SS</literal>. If the time part is omitted, midnight is assumed. If seconds are omitted, <literal>:00</literal> is assumed. If the date part is omitted, the current day is assumed. Instead of numeric expression, you can specify the keywords <literal>yesterday</literal>,
+    <para>You can filter the output of <command>journalctl</command> by specifying the starting and/or ending date. The date specification should be of the format <literal>YYYY-MM-DD H:MM:SS</literal>. If the time part is omitted, midnight is assumed. If seconds are omitted, <literal>:00</literal> is assumed. If the date part is omitted, the current day is assumed. Instead of a numeric expression, you can specify the keywords <literal>yesterday</literal>,
     <literal>today</literal> or <literal>tomorrow</literal>. They refer to midnight of the day
     before the current day, of the current day, or of the day after the current day. If you specify
     <literal>now</literal>, it refers to the current time. You can also specify relative times
@@ -60,7 +60,7 @@ in the assembly -->
     
               <para>To view only new messages since now, and update the output continuously:</para>
               <screen>&prompt.sudo;journalctl --since "now" -f</screen>
-            <para>To view all messages since last midnight till <literal>3:20am</literal>:</para>
+            <para>To view all messages since last midnight until <literal>3:20am</literal>:</para>
               <screen>&prompt.sudo;journalctl --since "today" --until "3:20"</screen>
   </section>
   <section xml:id="journal-filter-journals-fields">
diff --git a/tasks/systemd-journald-troubleshooting.xml b/tasks/systemd-journald-troubleshooting.xml
index ef6d25296..2b69d8d89 100644
--- a/tasks/systemd-journald-troubleshooting.xml
+++ b/tasks/systemd-journald-troubleshooting.xml
@@ -30,10 +30,10 @@ in the assembly -->
 <procedure>
   <step><para>View the list of failed &systemd; units:</para>
   <screen>systemctl --failed</screen>
-<para>The list of all failed services appear.</para></step>
+<para>The list of all failed services appears.</para></step>
   <step><para>Identify the severity and content of the error.</para>
     <screen>journalctl -p 0..7 -b</screen>
-    <para>The list of errors with priority level <literal>0 to 7</literal> appears. The errors are marked with priority level:
+    <para>The list of errors with priority levels <literal>0 to 7</literal> appears. The errors are marked with priority level:
     </para>
     <itemizedlist>
   <listitem><para><guimenu>0-2</guimenu>: <command>emerg, alert, crit</command>: Critical issues, system collapse imminent.</para></listitem>
@@ -44,16 +44,17 @@ in the assembly -->
 </step>
 <step><para>View the error log for the failing service using the following command:</para>
 <screen>journalctl -u &lt;failing_service_name&gt;</screen>
-<para>The lines preceding the termination message includes information on the error.</para>
+<para>The lines preceding the termination message include information about the error.</para>
 <itemizedlist>
-  <listitem><para><guimenu>Exit Status</guimenu>: f a service stops, look for a message like Process xxx exited with status 1/FAILURE. A status of 0 is success. Any non-zero status indicates an error. </para></listitem>
-  <listitem><para><guimenu>Configuration Errors</guimenu>: Messages containing phrases like No such file or directory, Permission denied, or Address already in use usually point to a problem in the service's configuration file</para></listitem>
-  <listitem><para><guimenu>Out-of-Memory (OOM)</guimenu>: Out-of-Memory (OOM)</para></listitem>
+  <listitem><para><guimenu>Exit Status</guimenu>: If a service stops, look for a message like <literal>Process xxx exited</literal> with status 1/FAILURE. A status of 0 indicates success. Any nonzero status indicates an error. </para></listitem>
+  <listitem><para><guimenu>Configuration Errors</guimenu>: Messages containing phrases like <literal>No such file or directory</literal>, <literal>Permission denied</literal> or <literal>Address already in use</literal> usually point to a problem in the service's configuration file.</para></listitem>
+  <listitem><para><guimenu>Out-of-Memory (OOM)</guimenu>: The service was terminated because
+   it exceeded memory limits.</para></listitem>
  </itemizedlist>
 </step>
-<step><para>Use detailed views of logs to get detailed information on the error.</para>
+<step><para>Use detailed views of logs to get detailed information about the error.</para>
 <screen>journalctl -xe</screen>
-<para>For example, to view all messages from the Apache service during the current boot, with detailed explanations, run the following command:</para>
+<para>For example, to view all messages from the Apache service during the current boot with detailed explanations, run the following command:</para>
 <screen>journalctl -u httpd.service -b -xe</screen></step>
 </procedure>
 </section>

From 3e8e782b39bad0d5f649e6d746d7265f90391e7c Mon Sep 17 00:00:00 2001
From: Shalaka Harne <135588263+harneshalaka@users.noreply.github.com>
Date: Thu, 11 Dec 2025 21:17:49 +0530
Subject: [PATCH 32/32] Update articles/journalctl.asm.xml

Fixed editorial feedback

Co-authored-by: Daria Vladykina <daria.vladykina@suse.com>
---
 articles/journalctl.asm.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
index 5d3b993c8..0e4165cb8 100644
--- a/articles/journalctl.asm.xml
+++ b/articles/journalctl.asm.xml
@@ -69,7 +69,7 @@ Initial version
 <meta name="description">
 Learn how to view and manage &productnameshort; logs using <command>journalctl</command></meta>
 <!-- Search -->
-<meta name="social-descr">Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></meta>
+<meta name="social-descr">View and filter logs with <command>journalctl</command></meta>
 <!-- Task -->
 <meta name="task" its:translate="no">
 <phrase>Configuration</phrase>