journalctl -r /usr/sbin/sshd
journalctl /usr/bin/bash
journalctl -u nginx.service
journalctl -u nginx.service -u php-fpm.service --since today
journalctl -b
journalctl --since "2023-07-29 15:00:00"
journalctl --since "2023-07-20" --until "2023-07-21 03:00"
journalctl --since yesterday
journalctl --since 09:00 --until "1 hour ago"
journalctl -p err -b
journalctl -f
journalctl -n
journalctl -n 20
(journalctl is the best tool. If auditd is running, the messages can't be even spoofed. See here for a good explanation:)more
journalctl -q _AUDIT_TYPE=1112 _TRANSPORT=audit
journalctl -q _AUDIT_TYPE=1112 _TRANSPORT=audit | grep failed
journalctl -u 'systemd-logind' --since "today" --until "tomorrow"
/etc/systemd/journald.conf