journalctl -u ssh prints all records associated with the ssh unit. But how can I get all records not associated with the ssh unit? Things that don't work: journalctl -u '!ssh'; journalctl '!_SYSTEMD_UNIT=ssh'; journalctl '_SYSTEMD_UNIT!=ssh'. Documentation doesn't suggest that this is possible, but I'm still hopeful. ;-)
Asked
Active
Viewed 526 times
3
smammy
- 432
- 3
- 7
-
1What's wrong with `grep -v sshd`? Or more refined, `grep -v "$(hostname) sshd\["`. – berndbausch Feb 15 '21 at 20:12
-
That's similar to what I'm doing currently, but I'd prefer a solution that's independent of the journalctl output format. My current kludge is: `journalctl -f | awk '$5 !~ /sshd\[[0-9]+\]:/ { print }'`. – smammy Feb 16 '21 at 21:04