Display systemd journal for specific service since it started.
Get current invocation id (a unique 128-bit ID identifying each runtime cycle of the unit) for specific service.
$ systemctl show -p InvocationID --value ssh
6a480c9650314ca9aa0f7a631c4f4269
Use invocation id to display logs for specific service runtime cycle.
$ service="ssh"; invocation=$(systemctl show -p InvocationID --value $service); journalctl INVOCATION_ID=$invocation + _SYSTEMD_INVOCATION_ID=$invocation
-- Journal begins at Sun 2021-05-16 20:24:12 CEST, ends at Mon 2021-10-11 22:35:01 CEST. -- Sep 18 00:34:50 desktop systemd[1]: Starting OpenBSD Secure Shell server... Sep 18 00:34:50 desktop sshd[1335]: Server listening on 0.0.0.0 port 22. Sep 18 00:34:50 desktop sshd[1335]: Server listening on :: port 22. Sep 18 00:34:50 desktop systemd[1]: Started OpenBSD Secure Shell server. Sep 26 18:46:32 desktop sshd[406269]: Invalid user snuffles from 127.0.0.1 port 41354 Sep 26 18:46:34 desktop sshd[406269]: Failed none for invalid user snuffles from 127.0.0.1 port 41354 ssh2 Sep 26 18:46:35 desktop sshd[406269]: Connection closed by invalid user snuffles 127.0.0.1 port 41354 [preauth] Sep 26 18:46:47 desktop sshd[406435]: Invalid user snuffles from 127.0.0.1 port 41358 Sep 26 18:46:47 desktop sshd[406435]: Connection closed by invalid user snuffles 127.0.0.1 port 41358 [preauth]
$ service="rsyslog"; invocation=$(systemctl show -p InvocationID --value $service); journalctl INVOCATION_ID=$invocation + _SYSTEMD_INVOCATION_ID=$invocation
-- Journal begins at Sun 2021-05-16 20:24:12 CEST, ends at Mon 2021-10-11 22:35:01 CEST. -- Sep 18 00:34:50 desktop systemd[1]: Starting System Logging Service... Sep 18 00:34:50 desktop rsyslogd[1225]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2102.0] Sep 18 00:34:50 desktop rsyslogd[1225]: rsyslogd's groupid changed to 110 Sep 18 00:34:50 desktop systemd[1]: Started System Logging Service. Sep 18 00:34:50 desktop rsyslogd[1225]: rsyslogd's userid changed to 104 Sep 18 00:34:50 desktop rsyslogd[1225]: [origin software="rsyslogd" swVersion="8.2102.0" x-pid="1225" x-info="https://www.rsyslog.com"] start Sep 19 14:48:10 desktop systemd[1]: rsyslog.service: Sent signal SIGHUP to main process 1225 (rsyslogd) on client request. Sep 19 14:58:10 desktop rsyslogd[1225]: [origin software="rsyslogd" swVersion="8.2102.0" x-pid="1225" x-info="https://www.rsyslog.com"] rsyslogd was HUPed Sep 26 00:00:03 desktop systemd[1]: rsyslog.service: Sent signal SIGHUP to main process 1225 (rsyslogd) on client request. Oct 03 00:00:03 desktop systemd[1]: rsyslog.service: Sent signal SIGHUP to main process 1225 (rsyslogd) on client request. Oct 10 00:00:03 desktop systemd[1]: rsyslog.service: Sent signal SIGHUP to main process 1225 (rsyslogd) on client request.
See how to display when service was started and stopped using the systemd journal to see how to list recent invocations ids.
