projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| b47ffcfd | 1 | <?xml version='1.0'?> <!--*-nxml-*--> |
| 3a54a157 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
| 12b42c76 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
| db9ecf05 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
| b47ffcfd | 5 | |
| a9edaeff | 6 | <refentry id="journald.conf" |
| 798d3a52 ZJS |
7 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
| 8 | <refentryinfo> | |
| 9 | <title>journald.conf</title> | |
| 10 | <productname>systemd</productname> | |
| 798d3a52 ZJS |
11 | </refentryinfo> |
| 12 | ||
| 13 | <refmeta> | |
| 14 | <refentrytitle>journald.conf</refentrytitle> | |
| 15 | <manvolnum>5</manvolnum> | |
| 16 | </refmeta> | |
| 17 | ||
| 18 | <refnamediv> | |
| 19 | <refname>journald.conf</refname> | |
| 20 | <refname>journald.conf.d</refname> | |
| 6bc43619 | 21 | <refname>journald@.conf</refname> |
| 798d3a52 ZJS |
22 | <refpurpose>Journal service configuration files</refpurpose> |
| 23 | </refnamediv> | |
| 24 | ||
| 25 | <refsynopsisdiv> | |
| 12b42c76 TG |
26 | <para><filename>/etc/systemd/journald.conf</filename></para> |
| 27 | <para><filename>/etc/systemd/journald.conf.d/*.conf</filename></para> | |
| 798d3a52 | 28 | <para><filename>/run/systemd/journald.conf.d/*.conf</filename></para> |
| 12b42c76 | 29 | <para><filename>/usr/lib/systemd/journald.conf.d/*.conf</filename></para> |
| 6bc43619 | 30 | <para><filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf</filename></para> |
| 005c7b1d YW |
31 | <para><filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></para> |
| 32 | <para><filename>/run/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></para> | |
| 33 | <para><filename>/usr/lib/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></para> | |
| 798d3a52 ZJS |
34 | </refsynopsisdiv> |
| 35 | ||
| 36 | <refsect1> | |
| 37 | <title>Description</title> | |
| 38 | ||
| 0f943ae4 ZJS |
39 | <para>These files configure various parameters of the systemd journal service, |
| 40 | <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
| 41 | See | |
| 675fa6ea | 42 | <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
| 0f943ae4 | 43 | for a general description of the syntax.</para> |
| 798d3a52 | 44 | |
| 6bc43619 LP |
45 | <para>The <command>systemd-journald</command> instance managing the default namespace is configured by |
| 46 | <filename>/etc/systemd/journald.conf</filename> and associated drop-ins. Instances managing other | |
| 005c7b1d YW |
47 | namespaces read <filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf</filename> |
| 48 | and associated drop-ins with the namespace identifier filled in. This allows each namespace to carry | |
| 49 | a distinct configuration. See | |
| 6bc43619 LP |
50 | <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
| 51 | for details about journal namespaces.</para> | |
| 798d3a52 ZJS |
52 | </refsect1> |
| 53 | ||
| e93549ef | 54 | <xi:include href="standard-conf.xml" xpointer="main-conf" /> |
| 798d3a52 ZJS |
55 | |
| 56 | <refsect1> | |
| 57 | <title>Options</title> | |
| 58 | ||
| 59 | <para>All options are configured in the | |
| bdac5608 | 60 | [Journal] section:</para> |
| 798d3a52 | 61 | |
| d2acdcc6 | 62 | <variablelist class='config-directives'> |
| 798d3a52 ZJS |
63 | |
| 64 | <varlistentry> | |
| 65 | <term><varname>Storage=</varname></term> | |
| 66 | ||
| 6bc43619 LP |
67 | <listitem><para>Controls where to store journal data. One of <literal>volatile</literal>, |
| 68 | <literal>persistent</literal>, <literal>auto</literal> and <literal>none</literal>. If | |
| 69 | <literal>volatile</literal>, journal log data will be stored only in memory, i.e. below the | |
| 70 | <filename>/run/log/journal</filename> hierarchy (which is created if needed). If | |
| 71 | <literal>persistent</literal>, data will be stored preferably on disk, i.e. below the | |
| 72 | <filename>/var/log/journal</filename> hierarchy (which is created if needed), with a fallback to | |
| 73 | <filename>/run/log/journal</filename> (which is created if needed), during early boot and if the disk | |
| f254abcd ZJS |
74 | is not writable. <literal>auto</literal> behaves like <literal>persistent</literal> if the |
| 75 | <filename>/var/log/journal</filename> directory exists, and <literal>volatile</literal> otherwise | |
| 76 | (the existence of the directory controls the storage mode). <literal>none</literal> turns off all | |
| 77 | storage, all log data received will be dropped (but forwarding to other targets, such as the console, | |
| 78 | the kernel log buffer, or a syslog socket will still work). Defaults to <literal>auto</literal> in | |
| 79 | the default journal namespace, and <literal>persistent</literal> in all others.</para> | |
| 80 | ||
| 9854ac4a LP |
81 | <para>Note that journald will initially use volatile storage, until a call to |
| 82 | <command>journalctl --flush</command> (or sending <constant>SIGUSR1</constant> to journald) will cause | |
| 19d25fde LA |
83 | it to switch to persistent logging (under the conditions mentioned above). This is done automatically |
| 84 | on boot via <literal>systemd-journal-flush.service</literal>.</para> | |
| 85 | ||
| f254abcd ZJS |
86 | <para>Note that when this option is changed to <literal>volatile</literal>, existing persistent data |
| 87 | is not removed. In the other direction, | |
| 88 | <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> with | |
| 89 | the <option>--flush</option> option may be used to move volatile data to persistent storage.</para> | |
| fc709443 LP |
90 | |
| 91 | <para>When journal namespacing (see <varname>LogNamespace=</varname> in | |
| 92 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>) is | |
| 93 | used, setting <varname>Storage=</varname> to <literal>volatile</literal> or <literal>auto</literal> | |
| 94 | will not have an effect on the creation of the per-namespace logs directory in | |
| 95 | <filename>/var/log/journal/</filename>, as the <filename>systemd-journald@.service</filename> service | |
| 96 | file by default carries <varname>LogsDirectory=</varname>. To turn that off, add a unit file drop-in | |
| 97 | file that sets <varname>LogsDirectory=</varname> to an empty string.</para> | |
| f254abcd | 98 | </listitem> |
| 798d3a52 ZJS |
99 | </varlistentry> |
| 100 | ||
| 101 | <varlistentry> | |
| 102 | <term><varname>Compress=</varname></term> | |
| 103 | ||
| 1b7cf0e5 AG |
104 | <listitem><para>Can take a boolean value. If enabled (the |
| 105 | default), data objects that shall be stored in the journal | |
| 106 | and are larger than the default threshold of 512 bytes are | |
| 107 | compressed before they are written to the file system. It | |
| 108 | can also be set to a number of bytes to specify the | |
| 109 | compression threshold directly. Suffixes like K, M, and G | |
| 110 | can be used to specify larger units.</para></listitem> | |
| 798d3a52 ZJS |
111 | </varlistentry> |
| 112 | ||
| 113 | <varlistentry> | |
| 114 | <term><varname>Seal=</varname></term> | |
| 115 | ||
| 116 | <listitem><para>Takes a boolean value. If enabled (the | |
| 117 | default), and a sealing key is available (as created by | |
| 118 | <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s | |
| 119 | <option>--setup-keys</option> command), Forward Secure Sealing | |
| 120 | (FSS) for all persistent journal files is enabled. FSS is | |
| 121 | based on <ulink | |
| 122 | url="https://eprint.iacr.org/2013/397">Seekable Sequential Key | |
| 123 | Generators</ulink> by G. A. Marson and B. Poettering | |
| 124 | (doi:10.1007/978-3-642-40203-6_7) and may be used to protect | |
| 125 | journal files from unnoticed alteration.</para></listitem> | |
| 126 | </varlistentry> | |
| 127 | ||
| 128 | <varlistentry> | |
| 129 | <term><varname>SplitMode=</varname></term> | |
| 130 | ||
| 76153ad4 ZJS |
131 | <listitem><para>Controls whether to split up journal files per user, either <literal>uid</literal> or |
| 132 | <literal>none</literal>. Split journal files are primarily useful for access control: on UNIX/Linux access | |
| 133 | control is managed per file, and the journal daemon will assign users read access to their journal files. If | |
| a1533ad7 AZ |
134 | <literal>uid</literal>, all regular users (with UID outside the range of system users, dynamic service users, |
| 135 | and the nobody user) will each get their own journal files, and system users will log to the system journal. | |
| 136 | See <ulink url="https://systemd.io/UIDS-GIDS">Users, Groups, UIDs and GIDs on systemd systems</ulink> | |
| 137 | for more details about UID ranges. | |
| 138 | If <literal>none</literal>, journal files are not split up by user and all messages are | |
| 76153ad4 ZJS |
139 | instead stored in the single system journal. In this mode unprivileged users generally do not have access to |
| 140 | their own log data. Note that splitting up journal files by user is only available for journals stored | |
| 141 | persistently. If journals are stored on volatile storage (see <varname>Storage=</varname> above), only a single | |
| 142 | journal file is used. Defaults to <literal>uid</literal>.</para></listitem> | |
| 798d3a52 ZJS |
143 | </varlistentry> |
| 144 | ||
| 145 | <varlistentry> | |
| f0367da7 | 146 | <term><varname>RateLimitIntervalSec=</varname></term> |
| 798d3a52 ZJS |
147 | <term><varname>RateLimitBurst=</varname></term> |
| 148 | ||
| 149 | <listitem><para>Configures the rate limiting that is applied | |
| 150 | to all messages generated on the system. If, in the time | |
| f0367da7 | 151 | interval defined by <varname>RateLimitIntervalSec=</varname>, |
| 798d3a52 ZJS |
152 | more messages than specified in |
| 153 | <varname>RateLimitBurst=</varname> are logged by a service, | |
| 154 | all further messages within the interval are dropped until the | |
| 155 | interval is over. A message about the number of dropped | |
| 156 | messages is generated. This rate limiting is applied | |
| 157 | per-service, so that two services which log do not interfere | |
| 3de8ff5a | 158 | with each other's limits. Defaults to 10000 messages in 30s. |
| 798d3a52 | 159 | The time specification for |
| f0367da7 | 160 | <varname>RateLimitIntervalSec=</varname> may be specified in the |
| 798d3a52 ZJS |
161 | following units: <literal>s</literal>, <literal>min</literal>, |
| 162 | <literal>h</literal>, <literal>ms</literal>, | |
| 163 | <literal>us</literal>. To turn off any kind of rate limiting, | |
| 90fc172e AZ |
164 | set either value to 0.</para> |
| 165 | ||
| 69123c21 | 166 | <para>Note that the effective rate limit is multiplied by a |
| c0dd3269 CCW |
167 | factor derived from the available free disk space for the journal. |
| 168 | Currently, this factor is calculated using the base 2 logarithm.</para> | |
| 169 | ||
| 170 | <table> | |
| 171 | <title>Example <varname>RateLimitBurst=</varname> rate | |
| 172 | modifications by the available disk space</title> | |
| 173 | <tgroup cols='2'> | |
| 174 | <colspec colname='freespace' /> | |
| 175 | <colspec colname='multiplier' /> | |
| 176 | <thead> | |
| 177 | <row> | |
| 178 | <entry>Available Disk Space</entry> | |
| 179 | <entry>Burst Multiplier</entry> | |
| 180 | </row> | |
| 181 | </thead> | |
| 182 | <tbody> | |
| 183 | <row> | |
| 184 | <entry><= 1MB</entry> | |
| 185 | <entry>1</entry> | |
| 186 | </row> | |
| 187 | <row> | |
| 188 | <entry><= 16MB</entry> | |
| 189 | <entry>2</entry> | |
| 190 | </row> | |
| 191 | <row> | |
| 192 | <entry><= 256MB</entry> | |
| 193 | <entry>3</entry> | |
| 194 | </row> | |
| 195 | <row> | |
| 196 | <entry><= 4GB</entry> | |
| 197 | <entry>4</entry> | |
| 198 | </row> | |
| 199 | <row> | |
| 200 | <entry><= 64GB</entry> | |
| 201 | <entry>5</entry> | |
| 202 | </row> | |
| 203 | <row> | |
| 204 | <entry><= 1TB</entry> | |
| 205 | <entry>6</entry> | |
| 206 | </row> | |
| 207 | </tbody> | |
| 208 | </tgroup> | |
| 209 | </table> | |
| 210 | ||
| 90fc172e AZ |
211 | <para>If a service provides rate limits for itself through |
| 212 | <varname>LogRateLimitIntervalSec=</varname> and/or <varname>LogRateLimitBurst=</varname> | |
| 213 | in <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
| 214 | those values will override the settings specified here.</para> | |
| 215 | </listitem> | |
| 798d3a52 ZJS |
216 | </varlistentry> |
| 217 | ||
| 218 | <varlistentry> | |
| 219 | <term><varname>SystemMaxUse=</varname></term> | |
| 220 | <term><varname>SystemKeepFree=</varname></term> | |
| 221 | <term><varname>SystemMaxFileSize=</varname></term> | |
| 8580d1f7 | 222 | <term><varname>SystemMaxFiles=</varname></term> |
| 798d3a52 ZJS |
223 | <term><varname>RuntimeMaxUse=</varname></term> |
| 224 | <term><varname>RuntimeKeepFree=</varname></term> | |
| 225 | <term><varname>RuntimeMaxFileSize=</varname></term> | |
| 8580d1f7 | 226 | <term><varname>RuntimeMaxFiles=</varname></term> |
| 798d3a52 ZJS |
227 | |
| 228 | <listitem><para>Enforce size limits on the journal files | |
| 229 | stored. The options prefixed with <literal>System</literal> | |
| 230 | apply to the journal files when stored on a persistent file | |
| 231 | system, more specifically | |
| 232 | <filename>/var/log/journal</filename>. The options prefixed | |
| 233 | with <literal>Runtime</literal> apply to the journal files | |
| 234 | when stored on a volatile in-memory file system, more | |
| 235 | specifically <filename>/run/log/journal</filename>. The former | |
| 3b121157 | 236 | is used only when <filename>/var/</filename> is mounted, |
| 798d3a52 ZJS |
237 | writable, and the directory |
| 238 | <filename>/var/log/journal</filename> exists. Otherwise, only | |
| 239 | the latter applies. Note that this means that during early | |
| 240 | boot and if the administrator disabled persistent logging, | |
| 241 | only the latter options apply, while the former apply if | |
| 242 | persistent logging is enabled and the system is fully booted | |
| 243 | up. <command>journalctl</command> and | |
| 244 | <command>systemd-journald</command> ignore all files with | |
| 245 | names not ending with <literal>.journal</literal> or | |
| 246 | <literal>.journal~</literal>, so only such files, located in | |
| 247 | the appropriate directories, are taken into account when | |
| 8580d1f7 | 248 | calculating current disk usage.</para> |
| 798d3a52 ZJS |
249 | |
| 250 | <para><varname>SystemMaxUse=</varname> and | |
| 251 | <varname>RuntimeMaxUse=</varname> control how much disk space | |
| a8eaaee7 | 252 | the journal may use up at most. |
| 798d3a52 ZJS |
253 | <varname>SystemKeepFree=</varname> and |
| 254 | <varname>RuntimeKeepFree=</varname> control how much disk | |
| 255 | space systemd-journald shall leave free for other uses. | |
| 256 | <command>systemd-journald</command> will respect both limits | |
| 257 | and use the smaller of the two values.</para> | |
| 258 | ||
| 259 | <para>The first pair defaults to 10% and the second to 15% of | |
| 32252660 LP |
260 | the size of the respective file system, but each value is |
| 261 | capped to 4G. If the file system is nearly full and either | |
| 262 | <varname>SystemKeepFree=</varname> or | |
| 8580d1f7 LP |
263 | <varname>RuntimeKeepFree=</varname> are violated when |
| 264 | systemd-journald is started, the limit will be raised to the | |
| 798d3a52 ZJS |
265 | percentage that is actually free. This means that if there was |
| 266 | enough free space before and journal files were created, and | |
| 267 | subsequently something else causes the file system to fill up, | |
| 268 | journald will stop using more space, but it will not be | |
| a8eaaee7 | 269 | removing existing files to reduce the footprint again, |
| 1a0d353b MK |
270 | either. Also note that only archived files are deleted to reduce the |
| 271 | space occupied by journal files. This means that, in effect, there might | |
| 272 | still be more space used than <varname>SystemMaxUse=</varname> or | |
| 273 | <varname>RuntimeMaxUse=</varname> limit after a vacuuming operation is | |
| 274 | complete.</para> | |
| 798d3a52 | 275 | |
| bb6a971c DDM |
276 | <para><varname>SystemMaxFileSize=</varname> and <varname>RuntimeMaxFileSize=</varname> control how |
| 277 | large individual journal files may grow at most. This influences the granularity in which disk space | |
| 278 | is made available through rotation, i.e. deletion of historic data. Defaults to one eighth of the | |
| 279 | values configured with <varname>SystemMaxUse=</varname> and <varname>RuntimeMaxUse=</varname>, so | |
| 280 | that usually seven rotated journal files are kept as history. If the journal compact mode is enabled | |
| 281 | (enabled by default), the maximum file size is capped to 4G.</para> | |
| 282 | ||
| 283 | <para>Specify values in bytes or use K, M, G, T, P, E as units for the specified sizes (equal to | |
| 284 | 1024, 1024², … bytes). Note that size limits are enforced synchronously when journal files are | |
| 285 | extended, and no explicit rotation step triggered by time is needed.</para> | |
| 8580d1f7 LP |
286 | |
| 287 | <para><varname>SystemMaxFiles=</varname> and | |
| 288 | <varname>RuntimeMaxFiles=</varname> control how many | |
| a8eaaee7 | 289 | individual journal files to keep at most. Note that only |
| 8580d1f7 LP |
290 | archived files are deleted to reduce the number of files until |
| 291 | this limit is reached; active files will stay around. This | |
| b938cb90 | 292 | means that, in effect, there might still be more journal files |
| 8580d1f7 LP |
293 | around in total than this limit after a vacuuming operation is |
| 294 | complete. This setting defaults to 100.</para></listitem> | |
| 798d3a52 ZJS |
295 | </varlistentry> |
| 296 | ||
| 297 | <varlistentry> | |
| 298 | <term><varname>MaxFileSec=</varname></term> | |
| 299 | ||
| 300 | <listitem><para>The maximum time to store entries in a single | |
| 301 | journal file before rotating to the next one. Normally, | |
| 302 | time-based rotation should not be required as size-based | |
| 303 | rotation with options such as | |
| 304 | <varname>SystemMaxFileSize=</varname> should be sufficient to | |
| 305 | ensure that journal files do not grow without bounds. However, | |
| 306 | to ensure that not too much data is lost at once when old | |
| 307 | journal files are deleted, it might make sense to change this | |
| 308 | value from the default of one month. Set to 0 to turn off this | |
| 309 | feature. This setting takes time values which may be suffixed | |
| 310 | with the units <literal>year</literal>, | |
| 311 | <literal>month</literal>, <literal>week</literal>, | |
| 312 | <literal>day</literal>, <literal>h</literal> or | |
| 313 | <literal>m</literal> to override the default time unit of | |
| 314 | seconds.</para></listitem> | |
| 315 | </varlistentry> | |
| 316 | ||
| 317 | <varlistentry> | |
| 318 | <term><varname>MaxRetentionSec=</varname></term> | |
| 319 | ||
| 320 | <listitem><para>The maximum time to store journal entries. | |
| 321 | This controls whether journal files containing entries older | |
| ad7c65e6 | 322 | than the specified time span are deleted. Normally, time-based |
| 798d3a52 ZJS |
323 | deletion of old journal files should not be required as |
| 324 | size-based deletion with options such as | |
| 325 | <varname>SystemMaxUse=</varname> should be sufficient to | |
| 326 | ensure that journal files do not grow without bounds. However, | |
| 327 | to enforce data retention policies, it might make sense to | |
| 328 | change this value from the default of 0 (which turns off this | |
| 329 | feature). This setting also takes time values which may be | |
| 330 | suffixed with the units <literal>year</literal>, | |
| 331 | <literal>month</literal>, <literal>week</literal>, | |
| 332 | <literal>day</literal>, <literal>h</literal> or <literal> | |
| 333 | m</literal> to override the default time unit of | |
| 334 | seconds.</para></listitem> | |
| 335 | </varlistentry> | |
| 336 | ||
| 798d3a52 ZJS |
337 | <varlistentry> |
| 338 | <term><varname>SyncIntervalSec=</varname></term> | |
| 339 | ||
| 340 | <listitem><para>The timeout before synchronizing journal files | |
| 341 | to disk. After syncing, journal files are placed in the | |
| 342 | OFFLINE state. Note that syncing is unconditionally done | |
| 343 | immediately after a log message of priority CRIT, ALERT or | |
| 344 | EMERG has been logged. This setting hence applies only to | |
| 345 | messages of the levels ERR, WARNING, NOTICE, INFO, DEBUG. The | |
| 346 | default timeout is 5 minutes. </para></listitem> | |
| 347 | </varlistentry> | |
| 348 | ||
| 349 | <varlistentry> | |
| 350 | <term><varname>ForwardToSyslog=</varname></term> | |
| 351 | <term><varname>ForwardToKMsg=</varname></term> | |
| 352 | <term><varname>ForwardToConsole=</varname></term> | |
| 353 | <term><varname>ForwardToWall=</varname></term> | |
| 354 | ||
| 77ce88c1 LP |
355 | <listitem><para>Control whether log messages received by the journal daemon shall be forwarded to a |
| 356 | traditional syslog daemon, to the kernel log buffer (kmsg), to the system console, or sent as wall | |
| 357 | messages to all logged-in users. These options take boolean arguments. If forwarding to syslog is | |
| 358 | enabled but nothing reads messages from the socket, forwarding to syslog has no effect. By default, | |
| 359 | only forwarding to wall is enabled. These settings may be overridden at boot time with the kernel | |
| 360 | command line options <literal>systemd.journald.forward_to_syslog</literal>, | |
| 5707ecf3 ZJS |
361 | <literal>systemd.journald.forward_to_kmsg</literal>, |
| 362 | <literal>systemd.journald.forward_to_console</literal>, and | |
| 77ce88c1 LP |
363 | <literal>systemd.journald.forward_to_wall</literal>. If the option name is specified without |
| 364 | <literal>=</literal> and the following argument, true is assumed. Otherwise, the argument is parsed | |
| 365 | as a boolean.</para> | |
| 366 | ||
| 367 | <para>When forwarding to the console, the TTY to log to can be changed with | |
| 368 | <varname>TTYPath=</varname>, described below.</para> | |
| 369 | ||
| 370 | <para>When forwarding to the kernel log buffer (kmsg), make sure to select a suitably large size for | |
| 33eb1f24 ZJS |
371 | the log buffer, for example by adding <literal>log_buf_len=8M</literal> to the kernel command line. |
| 372 | <command>systemd</command> will automatically disable kernel's rate-limiting applied to userspace | |
| 373 | processes (equivalent to setting <literal>printk.devkmsg=on</literal>).</para></listitem> | |
| 798d3a52 ZJS |
374 | </varlistentry> |
| 375 | ||
| 376 | <varlistentry> | |
| 377 | <term><varname>MaxLevelStore=</varname></term> | |
| 378 | <term><varname>MaxLevelSyslog=</varname></term> | |
| 379 | <term><varname>MaxLevelKMsg=</varname></term> | |
| 380 | <term><varname>MaxLevelConsole=</varname></term> | |
| 381 | <term><varname>MaxLevelWall=</varname></term> | |
| 382 | ||
| 383 | <listitem><para>Controls the maximum log level of messages | |
| c97ae2b2 | 384 | that are stored in the journal, forwarded to syslog, kmsg, the |
| 798d3a52 ZJS |
385 | console or wall (if that is enabled, see above). As argument, |
| 386 | takes one of | |
| 387 | <literal>emerg</literal>, | |
| 388 | <literal>alert</literal>, | |
| 389 | <literal>crit</literal>, | |
| 390 | <literal>err</literal>, | |
| 391 | <literal>warning</literal>, | |
| 392 | <literal>notice</literal>, | |
| 393 | <literal>info</literal>, | |
| 394 | <literal>debug</literal>, | |
| b938cb90 | 395 | or integer values in the range of 0–7 (corresponding to the |
| 798d3a52 ZJS |
396 | same levels). Messages equal or below the log level specified |
| 397 | are stored/forwarded, messages above are dropped. Defaults to | |
| 398 | <literal>debug</literal> for <varname>MaxLevelStore=</varname> | |
| 399 | and <varname>MaxLevelSyslog=</varname>, to ensure that the all | |
| c97ae2b2 LB |
400 | messages are stored in the journal and forwarded to syslog. |
| 401 | Defaults to | |
| 798d3a52 ZJS |
402 | <literal>notice</literal> for <varname>MaxLevelKMsg=</varname>, |
| 403 | <literal>info</literal> for <varname>MaxLevelConsole=</varname>, | |
| 404 | and <literal>emerg</literal> for | |
| 863a5610 UTL |
405 | <varname>MaxLevelWall=</varname>. These settings may be |
| 406 | overridden at boot time with the kernel command line options | |
| 407 | <literal>systemd.journald.max_level_store=</literal>, | |
| 408 | <literal>systemd.journald.max_level_syslog=</literal>, | |
| 409 | <literal>systemd.journald.max_level_kmsg=</literal>, | |
| 410 | <literal>systemd.journald.max_level_console=</literal>, | |
| 411 | <literal>systemd.journald.max_level_wall=</literal>.</para> | |
| 412 | </listitem> | |
| 798d3a52 ZJS |
413 | </varlistentry> |
| 414 | ||
| b2392ff3 SS |
415 | <varlistentry> |
| 416 | <term><varname>ReadKMsg=</varname></term> | |
| 417 | ||
| 6bc43619 LP |
418 | <listitem><para>Takes a boolean value. If enabled <command>systemd-journal</command> processes |
| 419 | <filename>/dev/kmsg</filename> messages generated by the kernel. In the default journal namespace | |
| 420 | this option is enabled by default, it is disabled in all others.</para></listitem> | |
| b2392ff3 SS |
421 | </varlistentry> |
| 422 | ||
| 511e03a3 LP |
423 | <varlistentry> |
| 424 | <term><varname>Audit=</varname></term> | |
| 425 | ||
| 2aba7705 | 426 | <listitem><para>Takes a boolean value. If enabled <command>systemd-journald</command> will turn on |
| 511e03a3 | 427 | kernel auditing on start-up. If disabled it will turn it off. If unset it will neither enable nor |
| 2aba7705 FB |
428 | disable it, leaving the previous state unchanged. This means if another tool turns on auditing even |
| 429 | if <command>systemd-journald</command> left it off, it will still collect the generated | |
| 430 | messages. Defaults to on.</para> | |
| 431 | ||
| 432 | <para>Note that this option does not control whether <command>systemd-journald</command> collects | |
| 433 | generated audit records, it just controls whether it tells the kernel to generate them. If you need | |
| 434 | to prevent <command>systemd-journald</command> from collecting the generated messages, the socket | |
| 435 | unit <literal>systemd-journald-audit.socket</literal> can be disabled and in this case this setting | |
| 436 | is without effect.</para> | |
| 437 | </listitem> | |
| 511e03a3 LP |
438 | </varlistentry> |
| 439 | ||
| 798d3a52 ZJS |
440 | <varlistentry> |
| 441 | <term><varname>TTYPath=</varname></term> | |
| 442 | ||
| 443 | <listitem><para>Change the console TTY to use if | |
| 444 | <varname>ForwardToConsole=yes</varname> is used. Defaults to | |
| 445 | <filename>/dev/console</filename>.</para></listitem> | |
| 446 | </varlistentry> | |
| 447 | ||
| ec20fe5f LP |
448 | <varlistentry> |
| 449 | <term><varname>LineMax=</varname></term> | |
| 450 | ||
| 451 | <listitem><para>The maximum line length to permit when converting stream logs into record logs. When a systemd | |
| 452 | unit's standard output/error are connected to the journal via a stream socket, the data read is split into | |
| 6b44ad0b | 453 | individual log records at newline (<literal>\n</literal>, ASCII 10) and <constant>NUL</constant> characters. If no such delimiter is |
| dcfaecc7 | 454 | read for the specified number of bytes a hard log record boundary is artificially inserted, breaking up overly |
| ec20fe5f LP |
455 | long lines into multiple log records. Selecting overly large values increases the possible memory usage of the |
| 456 | Journal daemon for each stream client, as in the worst case the journal daemon needs to buffer the specified | |
| 457 | number of bytes in memory before it can flush a new log record to disk. Also note that permitting overly large | |
| 458 | line maximum line lengths affects compatibility with traditional log protocols as log records might not fit | |
| 459 | anymore into a single <constant>AF_UNIX</constant> or <constant>AF_INET</constant> datagram. Takes a size in | |
| 460 | bytes. If the value is suffixed with K, M, G or T, the specified size is parsed as Kilobytes, Megabytes, | |
| 461 | Gigabytes, or Terabytes (with the base 1024), respectively. Defaults to 48K, which is relatively large but | |
| 462 | still small enough so that log records likely fit into network datagrams along with extra room for | |
| 463 | metadata. Note that values below 79 are not accepted and will be bumped to 79.</para></listitem> | |
| 464 | </varlistentry> | |
| 465 | ||
| 798d3a52 ZJS |
466 | </variablelist> |
| 467 | ||
| 468 | </refsect1> | |
| 469 | ||
| 589532d0 ZJS |
470 | <refsect1> |
| 471 | <title>Forwarding to traditional syslog daemons</title> | |
| 472 | ||
| 473 | <para> | |
| 7703bd4d | 474 | Journal events can be transferred to a different logging daemon |
| a8eaaee7 | 475 | in two different ways. With the first method, messages are |
| 589532d0 ZJS |
476 | immediately forwarded to a socket |
| 477 | (<filename>/run/systemd/journal/syslog</filename>), where the | |
| 478 | traditional syslog daemon can read them. This method is | |
| a8eaaee7 | 479 | controlled by the <varname>ForwardToSyslog=</varname> option. With a |
| 589532d0 ZJS |
480 | second method, a syslog daemon behaves like a normal journal |
| 481 | client, and reads messages from the journal files, similarly to | |
| 482 | <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
| a8eaaee7 | 483 | With this, messages do not have to be read immediately, |
| 589532d0 ZJS |
484 | which allows a logging daemon which is only started late in boot |
| 485 | to access all messages since the start of the system. In | |
| 486 | addition, full structured meta-data is available to it. This | |
| 487 | method of course is available only if the messages are stored in | |
| 7703bd4d | 488 | a journal file at all. So it will not work if |
| 589532d0 | 489 | <varname>Storage=none</varname> is set. It should be noted that |
| 7703bd4d | 490 | usually the <emphasis>second</emphasis> method is used by syslog |
| 589532d0 ZJS |
491 | daemons, so the <varname>Storage=</varname> option, and not the |
| 492 | <varname>ForwardToSyslog=</varname> option, is relevant for them. | |
| 493 | </para> | |
| 494 | </refsect1> | |
| 495 | ||
| 798d3a52 ZJS |
496 | <refsect1> |
| 497 | <title>See Also</title> | |
| 498 | <para> | |
| 499 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
| 500 | <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
| 501 | <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
| 502 | <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
| 503 | <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
| 504 | </para> | |
| 505 | </refsect1> | |
| b47ffcfd LP |
506 | |
| 507 | </refentry> |