|
|
|
|
|
|
by frankjr
858 days ago
|
|
|
You can see the raw message with `-o verbose` (or json/json-pretty/...). You can also pick just the fields you want with `--output-fields`. $ journalctl -f -u sshd
Feb 15 13:21:56 vm sshd[4844]: pam_unix(sshd:session): session opened for user user(uid=1000) by user(uid=0)
vs $ journalctl -f -u sshd -o verbose
Thu 2024-02-15 13:21:56.886724 UTC [...]
PRIORITY=6
_SYSTEMD_SLICE=system.slice
_BOOT_ID=8e87dffc55844df1b122cfa31010b1df
_HOSTNAME=vm
_RUNTIME_SCOPE=system
_UID=0
_GID=0
_CAP_EFFECTIVE=1ffffffffff
_TRANSPORT=syslog
SYSLOG_IDENTIFIER=sshd
SYSLOG_PID=4844
SYSLOG_TIMESTAMP=Feb 15 13:21:56
_PID=4844
_COMM=sshd
_EXE=/usr/bin/sshd
_CMDLINE="sshd: user [priv]"
_SYSTEMD_CGROUP=/system.slice/sshd.service
_SYSTEMD_UNIT=sshd.service
_SYSTEMD_INVOCATION_ID=4065f778bd534ab98f1849d858d0f49e
SYSLOG_FACILITY=10
MESSAGE=pam_unix(sshd:session): session opened for user user(uid=1000) by user(uid=0)
_SOURCE_REALTIME_TIMESTAMP=1708003316886724
|
|
|