diff --git a/modules/journalwatch.nix b/modules/journalwatch.nix index 9c74786..a81055f 100644 --- a/modules/journalwatch.nix +++ b/modules/journalwatch.nix @@ -25,14 +25,24 @@ # #=> /nix/store/vzfvp7kizycs6lnks6icmlw3h1x6p7la-journalwatch-config # cat /nix/store/vzfvp7kizycs6lnks6icmlw3h1x6p7la-journalwatch-config/journalwatch/config # cat /nix/store/vzfvp7kizycs6lnks6icmlw3h1x6p7la-journalwatch-config/journalwatch/patterns +# +# As bash script: +# +# nix-shell -p ripgrep +# service_file="$(systemctl show -P FragmentPath journalwatch.service)" +# store_path="$(rg -o 'XDG_CONFIG_HOME=(.+)"' -r '$1' < "${service_file}")" +# less "${store_path}/journalwatch/patterns" # Find a message and view its details # journalctl -b -p5 -o json-pretty -# Then press "/", enter a pattern and press "Enter". +# journalctl --since "2025-02-16T14:00:00" -p5 -o json-pretty +# Then press `/`, write a pattern and press `Enter`. { config, pkgs, ... }: let - sshd_filter = '' + stopped-service-consumption-summary = '' + \S+\.(service|scope|slice|swap|mount): Consumed ([0-9]+d )?([0-9]+h )?([0-9]+min )?[0-9\.]+(s|ms) CPU time(, .+)?\.''; + sshd-log = '' Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: ED25519 SHA256:\S+ # TODO: Change RSA key of yodaHedgehog to ED25519 Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+ @@ -72,8 +82,7 @@ let error: PAM: Authentication failure for illegal user \S+ from \S+ error: Protocol major versions differ: 2 vs\. 1 error: beginning MaxStartups throttling - fatal: Timeout before authentication for \S+ port [0-9]+ - ''; + fatal: Timeout before authentication for \S+ port [0-9]+''; in { assertions = [{ @@ -480,7 +489,7 @@ in match = "IMAGE_NAME = /mysql:[0-9]+/"; } { - filters = sshd_filter; + filters = sshd-log; match = "IMAGE_NAME = gitea/gitea:1"; } { # yodaNas 
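Review bot: In the `@@ -25,14 +25,24 @@` hunk, the new `stopped-service-consumption-summary` binding ends in `(, .+)?\.`, so any text after `CPU time, ` is accepted. The binding has no comment saying which message it is meant to suppress. Because the pattern is now shared by every block that interpolates it, I would add a comment above it, for example `# systemd per-unit resource summary logged when a unit stops; the optional tail covers extra counters after "CPU time"`. If the counters seen in practice are known, spell them out instead of `.+`. Whether the pattern is anchored at both ends depends on how journalwatch applies it, which this hunk does not show; the `let` block continues outside the hunk.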
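Review bot: In the `@@ -72,8 +82,7 @@` hunk, `sshd-log` now ends without a trailing newline, yet it is still assigned directly as `filters = sshd-log;` in the `-480,7` and `-822,10` hunks. The code that renders the patterns file is not visible here. If it relied on that newline to terminate a block, the following block's `match` line could be parsed as one more sshd pattern, which would silently change what is suppressed. It is worth building once and diffing the generated `journalwatch/patterns` file before and after this commit; the comment in the first hunk shows how to locate it.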
@@ -650,7 +659,7 @@ in } { # yodaTux, yodaNas filters = '' - \S+\.(service|scope|slice|swap|mount): Consumed ([0-9]+d )?([0-9]+h )?([0-9]+min )?[0-9\.]+(s|ms) CPU time(, .+)?\. + ${stopped-service-consumption-summary} # Reload requested from client PID [0-9]+ \('\.switch-to-conf'\) \(unit session-[0-9]+\.scope\)\.\.\. # @@ -822,10 +831,16 @@ in # Sometimes (TODO maybe always since NixOS 24.11 ?) # SYSLOG_IDENTIFIER = sshd-session { - filters = sshd_filter; + filters = sshd-log; match = "SYSLOG_IDENTIFIER = /(sshd|sshd-session)/"; } + { + filters = '' + ${stopped-service-consumption-summary} + ''; + match = "SYSLOG_IDENTIFIER = systemd"; + } { filters = '' pam_unix\(sudo:session\): session opened for user root\(uid=0\) by (yoda)?\(uid=[0-9]+\)
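Review bot: The new block in the `@@ -822,10 +831,16 @@` hunk selects entries with `match = "SYSLOG_IDENTIFIER = systemd";`, and `SYSLOG_IDENTIFIER` is chosen by the logging process, not attested by journald. Any message logged under that identifier that fits the consumption-summary shape, whose tail `(, .+)?\.` is open-ended, is therefore dropped from the report regardless of its origin. Consider keying the block on a journald-trusted field instead (those prefixed with `_`, such as `_COMM` or `_PID`), provided the module's `match` accepts it the same way, or add a comment recording why the identifier is considered sufficient. The same consideration applies to the existing `SYSLOG_IDENTIFIER = /(sshd|sshd-session)/` block just above, which filters accepted-login lines.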