I want to look at last 1 hour of docker container log using docker logs --since option. Which value I should provide for --since parameter?
as the help says
--since string Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes
I would do
docker logs mycontainer_or_id --since 60m
This syntax is correct according to my active container
Please refer to the Docker docs.
docker logs --since 1h
The --since option shows only the container logs generated after a given date. You can specify the date as an RFC 3339 date, a UNIX timestamp, or a Go duration string (e.g. 1m30s, 3h). Besides RFC3339 date format you may also use RFC3339Nano, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00, and 2006-01-02.
You may want logs from a specific date, but docker might not like your date's format.
In such cases, check whether the UNIX date command parse it:
$ date -d "your date here"
Wed Oct 5 12:46:17 GMT 2022
If date's output looks right, then you can use date -I to produce a format that docker understands.
$ docker logs my_container --since "$(date -I -d "your date here")" | less -RX
Related
i need output with Year in start field, below command i am using in Linux to get the License details but i am getting date like(start Tue 1/7 9:54) , so want to know the year for this:
lmutil lmstat -a -c user#server_name -f abcd -t
Output : start Tue 1/7 9:54
Looking for start Tue 1/7(with year) 9:54
Please help.
Thanks
I'd like to know the meaning of the alert message that occurs in the Linux time zone.
timedatectl
Warning: Ignoring the TZ variable. Reading the system's time zone setting only.
Local time: Mon 2019-11-18 12:12:50 JST
Universal time: Mon 2019-11-18 03:12:50 UTC
RTC time: Mon 2019-11-18 03:12:50
Time zone: Asia/Tokyo (JST, +0900)
Tell me the cause of the warning message and how to resolve it.
This command, hwclock --localtime, returns UTC time listed by timedatectl, instead to local.
First run
sudo timedatectl
if it showed the right timezone then skip ahead to ls -al /etc/localtime, otherwise correct it using
sudo timedatectl set-timezone <your region>/<your location>
as an example if you lived in Sweden you would run:
sudo timedatectl set-timezone Europe/Stockholm
then after running this check the output of
ls -al /etc/localtime
if this points to the wrong timezone then run
sudo rm /etc/localtime
followed by
sudo ln -sf /usr/share/zoneinfo/<your region>/<your location> /etc/localtime
substituting your region and your location with the same ones used in the last command.
That should fix it, though you might need to reboot for the changes to take affect.
I use journalctl -f to see the logs written by the processes, but it does not print the user who initiated the process writing to syslog.
Is there any option we can provide to journalctl in order to print the user id?
Thanks.
If you run journalctl -o verbose you will see the complete log record for each entry, which will look something like:
Fri 2019-08-02 20:02:11.307673 EDT [s=e328b42f9ccd4ef28cc946dba525b34c;i=12377a1;b=299ec3a7a9e545f3ab77225c045aee0c;m=7a7d1960ef;t=58f2b2fc43900;x=ceff52112a8146ae]
_TRANSPORT=journal
_UID=1000
_GID=1000
_CAP_EFFECTIVE=0
_AUDIT_LOGINUID=1000
_SYSTEMD_OWNER_UID=1000
_SYSTEMD_SLICE=user-1000.slice
_SYSTEMD_USER_SLICE=-.slice
_BOOT_ID=299ec3a7a9e545f3ab77225c045aee0c
_MACHINE_ID=39332780e5924d6ba0bdf775223941f6
_HOSTNAME=madhatter
PRIORITY=6
SYSLOG_FACILITY=3
CODE_FILE=../src/core/job.c
CODE_LINE=594
CODE_FUNC=job_log_begin_status_message
SYSLOG_IDENTIFIER=systemd
MESSAGE=Starting GNOME Terminal Server...
JOB_ID=1446
JOB_TYPE=start
USER_UNIT=gnome-terminal-server.service
USER_INVOCATION_ID=188bcf32f532490c8ce5ec486895f9d0
MESSAGE_ID=7d4958e842da4a758f6c1cdc7b36dcc5
_PID=3329
_COMM=systemd
_EXE=/usr/lib/systemd/systemd
_CMDLINE=/usr/lib/systemd/systemd --user
_AUDIT_SESSION=3
_SYSTEMD_CGROUP=/user.slice/user-1000.slice/user#1000.service/init.scope
_SYSTEMD_UNIT=user#1000.service
_SYSTEMD_USER_UNIT=init.scope
_SYSTEMD_INVOCATION_ID=5537b4a00b5946ce9f3b2b664c3d10e8
_SOURCE_REALTIME_TIMESTAMP=1564790531307673
Take a look at man journalctl for more information. E.g., there is a -o json if you want to programtically process log lines in some fashion.
My local timezone and docker container's timezone are all set to 'GMT+8:00'. But the 'docker logs -t' still shows timestamp of 'GMT+0:00'.
the picture below is a part of output of 'docker logs -t'. The left timestamp is printed by docker, and the right timestamp is printed by application in container.
After some research, I found out that the docker logs -t command prints out timestamps in UTC and there is no config to change that. However, you could use a little script referenced in https://github.com/docker/cli/issues/604, where you could just pipe the output and change the given timestamp.
I would like to view only log messages created within a specified time range (08:00 - 11:00) for ALL days.
If I use:
journalctl --since 08:00 --until 11:00
It displays logs from current day only.
Any ideas?
First of all - where is your journalctl log file? Default journalctl collect logs since the launch of the system.
By default, the log file is in /var/log/journal. If this dir isn't exist set Storage=persistent in /etc/systemd/journald.conf and run systemctl restart systemd-journald.
And when journalctl saves all messages/events on all the days or when the system collects logs from a few days of the save settings day You can draw some interesting informations from journalctl in this way:
# Define year
year="2016"
# Defines the month in which you want to search
months=(08 09 10)
for i in "${months[#]}" ; do
# To set a range of days: 14 - 20
for j in `seq 14 20` ; do
journalctl --since "${year}-${i}-${j} 08:00:00" --until "${year}-${i}-${j} 11:00:00" >> /tmp/journal.${year}-${i}-${j}.log
done
done
If you want to check days from 1 to 9 will probably need to add a mechanism for adding 0 (01, 02, 03, ..., 09).
This is an example so you have to adjust it to your needs.