Systemd Cheat Sheet

View systemd information

Command Description
systemctl list-dependencies show a unit’s dependencies
systemctl list-sockets list the sockets
systemctl list-jobs View active systemd jobs
systemctl list-unit-files See unit files and their states
systemctl list-units Show if units are loaded/active
systemctl get-default List default target (like run level)

Working with services

Command Description Smaf example
systemctl stop service Stop a running service sudo systemctl stop smaf-aggre.service
systemctl start service Start a service sudo systemctl start smaf-aggre.service
systemctl restart service Restart a running service
systemctl reload service Reload all config files in service
systemctl daemon-reload Must run to reload changed unit files
systemctl –failed Shows services that failed to run
systemctl reset-failed Resets any units from failed state
systemctl status service See if service is running/enabled
systemctl enable service Enable a service to start on boot sudo systemctl enable smaf-aggre.service
systemctl disable service Disable service–won’t start at boot
systemctl show service Show properties of a service (or other units)
systemctl edit service Create snippit to drop in unit file
systemctl edit –full service Edit entire unit file for service
systemctl -H host status network Run any systemctl command remotely

Changing system states

Command Description
systemctl reboot Reboot the system (reboot.target)
systemctl poweroff Power off the system (poweroff.target)
systemctl emergency Put in emergency mode (emergency.target)
systemctl default Back to default target (multi-user.target)

Viewing log messages

Command Description Smaf Example
journalctl Show all collected log messages
journalctl -u network.service See network service messages journalctl -u smaf-aggre.service
journalctl -f Follow messages as they appear

journalctl -u smaf-aggre.service -f

<similar to tail -f /var/log/messages
journalctl -k Show only kernel messages

Other Systemd commands

Short Description systemd Command
Control the system hostname hostnamectl
Team daemon control tool teamdctl
Control the system time and date timedatectl
Query the systemd journal journalctl
How to check system boot time systemd-analyze or systemd-analyze time
How to check each service time consumption at startup systemd-analyze blame
Kill all processes associated with a service systemctl kill example
List all running services systemctl
Show system status systemctl status
How to run the systemd command on a remote machine systemctl status example -H user@remotehost

Journalctl Cheatsheet

Useful Switches

-f Show new log entries as they are added.

example:
jour­nalctl -u mysql.s­ervice -f

-k Show kernel messages.

example: Kernel logs from five boots ago;
journalctl -k -b -5

-u Show messages for specified systemd service.

example:
journalctl -u httpd -u apache2

-b Show current boot messages.

Logs from the last boot, use the -1 modifier; to see boot logs from two boots ago, use -2; and so on. List system boots with: jour­nalctl --list­-bo­ots

-r Show the messages in reverse order; latest first.

-p Show the messages by priority

example: jour­nalctl -p err Shows you all messages marked as error, critical, alert, or emerge­ncy.

Time Ranges

jour­nalctl --since "1 hour ago" Show journal messages logged within the last hour:

jour­nalctl --since 09:00 --until "1 hour ago" Show reports starting at 9:00 AM and continuing until an hour ago

jour­nalctl --since yester­day Show journal messages logged since yesterday:

jour­nalctl --since "2 days ago" Show logged in the last two days

jour­nalctl --since "­201­7-05-23 23:15:­00" --until "­201­7-05-23 23:20:­00" All messages logged on or after the since parameter and logged on or before the until parameter will be shown:

*Hint: If components of the above format are left off, some defaults will be applied. For instance, if the date is omitted, the current date will be assumed. If the time component is missing, "­00:­00:­00" (midnight) will be substi­tuted. The seconds field can be left off as well to default to "­00":

By Process, User, or Group ID

jour­nalctl _PID=123 Show messages produced by a specific process ID:

*Hint: Find the PID for a specific service:
systemctl statusSERVICE

jour­nalctl _UID=100 Show messages belonging to a specific user ID:

example:
jour­nalctl _UID=100 _UID=200 --since today

*Hint: You can find your user ID by typing:
id -uUSERNAME

jour­nalctl _GID=800 Show messages belonging to a specific group ID:

By Priority

You can use either the priority name or its corres­ponding numeric value. In order of highest to lowest priority:

0

emerg

1

alert

2

crit

3

err

4

warn­ing

5

notice

6

info

7

debug

The above numbers or names can be used interc­han­geably with the -p option. Selecting a priority will display messages marked at the specified level and those above it.

Access control and config

usermod -a -G admUSER Add USER to adm group

* Hint: by default, Journal users can only watch their own logs, unless they are root or in the adm group.

nano /etc/s­yst­emd­/jo­urn­ald.conf Edit the journal config file

Forwar­dTo­Con­sol­e=yes TTYPat­h=/­dev­/tty12

Forward the Journal to /dev/ttyX

*Hint: Add changes to journal config file

Advanced Filtering

jour­nalctl /usr/b­in/­bash Show messages related to a specific execut­able, specify the full path to the executable

jour­nalctl _HOSTN­AME­=my­host Show messages for specified hostname.

jour­nalctl _COMM=­ava­hi-­dae­mon The name, the executable path, and the command line of the process the journal entry originates from

jour­nalctl -F The -F option can be used to show all of the available values for a given journal field.

jour­nalctl _SE<T­AB> Tab completion works on fields

jour­nalctl _SELIN­UX_­CON­TEXT=<T­AB> Tab completion also works on labels in fields

jour­nalctl _SELIN­UX_­CON­TEX­T=s­yst­em_­u:s­yst­em_­r:p­oli­cyk­it_­t:s0Show messages logged under Policy­Kit's security label.

For a full list of common, well-known fields, see the man page.

Output

Control the formatting of journal entries.

jour­nalctl -o short The default and generates an output that is mostly identical to the formatting of classic syslog files, showing one line per journal entry.

jour­nalctl -o short-­full Very similar, but shows timestamps in the format --since= and --until= options

jour­nalctl -o verbose Show the full-s­tru­ctured entry items with all fields.

jour­nalctl -o json-p­retty Formats entries as JSON data struct­ures, in multiple lines in order to make them more readable by humans.

jour­nalctl -o export Serializes the journal into a binary (but mostly text-b­ased) stream suitable for backups and network transfer

Import the binary stream back into native journald format with journal-remote

SysVInit vs SystemD Cheatsheet

sysvinit command systemd command notes
service sshd start systemctl start sshd Start the sshd service
service sshd stop systemctl stop sshd Stop the sshd service
service sshd restart systemctl restart sshd Restart the sshd service
service sshd reload systemctl reload sshd Reload the sshd service
service sshd condrestart systemctl condrestart sshd Restarts sshd if it’s already running
service sshd status systemctl status sshd Check the status of sshd
chkconfig –list systemctl list-unit-files –type=service List all services and their status
chkconfig sshd on systemctl enable sshd Enable the sshd service
chkconfig sshd off systemctl disable sshd Disable the sshd service
chkconfig –list sshd ls /etc/systemd/system/*.wants/sshd.service Show all runlevels/targets sshd is enabled in
chkconfig –add sshd systemctl daemon-reload

Used to create new service files

 

Runlevels

sysvinit runlevel systemd target name notes
0 runlevel0, poweroff Shut down and power off the system
1 runlevel1, rescue Setup rescue shell
2, 3, 4 runelevel2, runlevel3, runlevel4, multi-user Non-graphical multi-user
5 runlevel5, graphical Graphical multi-user
6 runlevel6, reboot Reboot the system

 

Commands

sysvinit systemd notes
runlevel systemctl list-units –type target List runlevels
cat /etc/inittab systemctl get-default Default runlevel
telinit <runlevel#> systemctl isolate <name>.target Change the runlevel
nano or vi /etc/inittab systemctl set-default <name>.target Change the default runlevel