From: m.a.young@durham.ac.uk
On Wed, 17 Jul 2013, Lennart Poettering wrote:
"cat /var/log/messages" becomes "journalctl"
"tail -f /var/log/messages" becomes "journalctl -f"
"tail -n100 /var/log/messages" becomes "journalctl -n100"
"grep foobar /var/log/messages" becomes "journalctl | grep foobar"
This isn't complex. You can grep/sed/awk as much as you want. You just do it over the output of journalctl rather than the file. That's not that big a difference.
One thing you have missed is how you edit the log file. There may be cases where you want to strip out log entries, e.g. when a process has gone wild and swamped the useful messages with useless ones and you want to keep the useful ones and throw away the useless ones.
I used to do something like this with vim ":g/NOISE/d" until I could see the detail I wanted when the alternations for grep would have been tremendously long. With journalctl's built-in filtering capabilities I'm glad I don't have to do that anymore; it's way more concise. However, all use cases differ, so if you must, you can: "journalctl | vim -". YMMV with other editors though.
-- John Florian