git.ipfire.org Git - thirdparty/systemd.git/blob - man/systemd-journald.service.xml
Merge pull request #6879 from marcelhollerbach/testsuite-fix
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<!--
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->

<refentry id="systemd-journald.service">

  <refentryinfo>
    <title>systemd-journald.service</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>Lennart</firstname>
        <surname>Poettering</surname>
        <email>lennart@poettering.net</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-journald.service</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-journald.service</refname>
    <refname>systemd-journald.socket</refname>
    <refname>systemd-journald-dev-log.socket</refname>
    <refname>systemd-journald-audit.socket</refname>
    <refname>systemd-journald</refname>
    <refpurpose>Journal service</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>systemd-journald.service</filename></para>
    <para><filename>systemd-journald.socket</filename></para>
    <para><filename>systemd-journald-dev-log.socket</filename></para>
    <para><filename>systemd-journald-audit.socket</filename></para>
    <para><filename>/usr/lib/systemd/systemd-journald</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><filename>systemd-journald</filename> is a system service
    that collects and stores logging data. It creates and maintains
    structured, indexed journals based on logging information that is
    received from a variety of sources:</para>

    <itemizedlist>
      <listitem><para>Kernel log messages, via kmsg</para></listitem>

      <listitem><para>Simple system log messages, via the <filename>libc</filename> <citerefentry
      project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
      call</para></listitem>

      <listitem><para>Structured system log messages via the native
      Journal API, see
      <citerefentry><refentrytitle>sd_journal_print</refentrytitle><manvolnum>4</manvolnum></citerefentry></para></listitem>

      <listitem><para>Standard output and standard error of service units. For further details see
      below.</para></listitem>

      <listitem><para>Audit records, originating from the kernel audit subsystem</para></listitem>
    </itemizedlist>

    <para>The daemon will implicitly collect numerous metadata fields
    for each log message in a secure and unfakeable way. See
    <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>
    for more information about the collected metadata.
    </para>

    <para>Log data collected by the journal is primarily text-based
    but can also include binary data where necessary. All objects
    stored in the journal can be up to 2^64-1 bytes in size.</para>

    <para>By default, the journal stores log data in
    <filename>/run/log/journal/</filename>. Since
    <filename>/run/</filename> is volatile, log data is lost at
    reboot. To make the data persistent, it is sufficient to create
    <filename>/var/log/journal/</filename> where
    <filename>systemd-journald</filename> will then store the
    data:</para>

    <programlisting>mkdir -p /var/log/journal
systemd-tmpfiles --create --prefix /var/log/journal</programlisting>

    <para>See
    <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for information about the configuration of this service.</para>
  </refsect1>

  <refsect1>
    <title>Stream logging</title>

    <para>The systemd service manager invokes all service processes with standard output and standard error connected
    to the journal by default. This behaviour may be altered via the
    <varname>StandardOutput=</varname>/<varname>StandardError=</varname> unit file settings, see
    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details. The
    journal converts the log byte stream received this way into individual log records, splitting the stream at newline
    (<literal>\n</literal>, ASCII <constant>10</constant>) and <constant>NUL</constant> bytes.</para>

    <para>If <filename>systemd-journald.service</filename> is stopped, the stream connections associated with all
    services are terminated. Further writes to those streams by the service will result in <constant>EPIPE</constant>
    errors. In order to react gracefully in this case it is recommended that programs logging to standard output/error
    ignore such errors. If the <constant>SIGPIPE</constant> UNIX signal handler is not blocked or turned off, such
    write attempts will also result in such process signals being generated, see
    <citerefentry><refentrytitle>signal</refentrytitle><manvolnum>7</manvolnum></citerefentry>. To mitigate this issue,
    the systemd service manager explicitly turns off the <constant>SIGPIPE</constant> signal for all invoked processes by
    default (this may be changed for each unit individually via the <varname>IgnoreSIGPIPE=</varname> option, see
    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
    details). After the standard output/standard error streams have been terminated they may not be recovered until the
    services they are associated with are restarted. Note that during normal operation,
    <filename>systemd-journald.service</filename> stores copies of the file descriptors for those streams in the
    service manager. If <filename>systemd-journald.service</filename> is restarted using <command>systemctl
    restart</command> or equivalent operation instead of a pair of separate <command>systemctl stop</command> and
    <command>systemctl start</command> commands (or equivalent operations), these stream connections are not terminated
    and survive the restart. It is thus safe to restart <filename>systemd-journald.service</filename>, but stopping it
    is not recommended.</para>

    <para>Note that the log record metadata for records transferred via such standard output/error streams reflect the
    metadata of the peer the stream was originally created for. If the stream connection is passed on to other
    processes (such as further child processes forked off the main service process), the log records will not reflect
    their metadata, but will continue to describe the original process. This is different from the other logging
    transports listed above, which are inherently record based and where the metadata is always associated with the
    individual record.</para>

    <para>In addition to the implicit standard output/error logging of services, stream logging is also available
    via the <citerefentry><refentrytitle>systemd-cat</refentrytitle><manvolnum>1</manvolnum></citerefentry> command
    line tool.</para>

    <para>Currently, the number of parallel log streams <filename>systemd-journald</filename> will accept is limited to
    4096. When this limit is reached further log streams may be established but will receive
    <constant>EPIPE</constant> right from the beginning.</para>
  </refsect1>

  <refsect1>
    <title>Signals</title>

    <variablelist>
      <varlistentry>
        <term>SIGUSR1</term>

        <listitem><para>Request that journal data from
        <filename>/run/</filename> is flushed to
        <filename>/var/</filename> in order to make it persistent (if
        this is enabled). This must be used after
        <filename>/var/</filename> is mounted, as otherwise log data
        from <filename>/run</filename> is never flushed to
        <filename>/var</filename> regardless of the configuration. The
        <command>journalctl --flush</command> command uses this signal
        to request flushing of the journal files, and then waits for
        the operation to complete. See
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        for details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term>SIGUSR2</term>

        <listitem><para>Request immediate rotation of the journal
        files. The <command>journalctl --rotate</command> command uses
        this signal to request journal file
        rotation.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term>SIGRTMIN+1</term>

        <listitem><para>Request that all unwritten log data is written
        to disk. The <command>journalctl --sync</command> command uses
        this signal to trigger journal synchronization, and then waits
        for the operation to complete.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Kernel Command Line</title>

    <para>A few configuration parameters from
    <filename>journald.conf</filename> may be overridden on the kernel
    command line:</para>

    <variablelist class='kernel-commandline-options'>
      <varlistentry>
        <term><varname>systemd.journald.forward_to_syslog=</varname></term>
        <term><varname>systemd.journald.forward_to_kmsg=</varname></term>
        <term><varname>systemd.journald.forward_to_console=</varname></term>
        <term><varname>systemd.journald.forward_to_wall=</varname></term>

        <listitem><para>Enables/disables forwarding of collected log
        messages to syslog, the kernel log buffer, the system console
        or wall.
        </para>

        <para>See
        <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for information about these settings.</para>
        </listitem>

      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Access Control</title>

    <para>Journal files are, by default, owned and readable by the
    <literal>systemd-journal</literal> system group but are not
    writable. Adding a user to this group thus enables her/him to read
    the journal files.</para>

    <para>By default, each logged in user will get her/his own set of
    journal files in <filename>/var/log/journal/</filename>. These
    files will not be owned by the user, however, so that the user
    cannot write to them directly. Instead, file system
    ACLs are used to ensure the user gets read access only.</para>

    <para>Additional users and groups may be granted access to journal
    files via file system access control lists (ACL). Distributions
    and administrators may choose to grant read access to all members
    of the <literal>wheel</literal> and <literal>adm</literal> system
    groups with a command such as the following:</para>

    <programlisting># setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/</programlisting>

    <para>Note that this command will update the ACLs both for
    existing journal files and for future journal files created in the
    <filename>/var/log/journal/</filename> directory.</para>
  </refsect1>

  <refsect1>
    <title>Files</title>

    <variablelist>
      <varlistentry>
        <term><filename>/etc/systemd/journald.conf</filename></term>

        <listitem><para>Configure
        <command>systemd-journald</command>
        behavior. See
        <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><filename>/run/log/journal/<replaceable>machine-id</replaceable>/*.journal</filename></term>
        <term><filename>/run/log/journal/<replaceable>machine-id</replaceable>/*.journal~</filename></term>
        <term><filename>/var/log/journal/<replaceable>machine-id</replaceable>/*.journal</filename></term>
        <term><filename>/var/log/journal/<replaceable>machine-id</replaceable>/*.journal~</filename></term>

        <listitem><para><command>systemd-journald</command> writes
        entries to files in
        <filename>/run/log/journal/<replaceable>machine-id</replaceable>/</filename>
        or
        <filename>/var/log/journal/<replaceable>machine-id</replaceable>/</filename>
        with the <literal>.journal</literal> suffix. If the daemon is
        stopped uncleanly, or if the files are found to be corrupted,
        they are renamed using the <literal>.journal~</literal>
        suffix, and <command>systemd-journald</command> starts writing
        to a new file. <filename>/run</filename> is used when
        <filename>/var/log/journal</filename> is not available, or
        when <option>Storage=volatile</option> is set in the
        <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        configuration file.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><filename>/dev/kmsg</filename></term>
        <term><filename>/dev/log</filename></term>
        <term><filename>/run/systemd/journal/dev-log</filename></term>
        <term><filename>/run/systemd/journal/socket</filename></term>
        <term><filename>/run/systemd/journal/stdout</filename></term>

        <listitem><para>Sockets and other paths that
        <command>systemd-journald</command> will listen on that are
        visible in the file system. In addition to these, journald can
        listen for audit events using netlink.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd-journal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-coredump</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>setfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_journal_print</refentrytitle><manvolnum>4</manvolnum></citerefentry>,
      <command>pydoc systemd.journal</command>
    </para>
  </refsect1>

</refentry>
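
The "Stream logging" section above recommends that programs logging to standard output/error ignore EPIPE once the journal stream has been terminated. The following C sketch is an added example, not part of the systemd sources; `log_init`, `log_line` and `demo_closed_stream` are hypothetical names, and a pipe with its read end closed is a constructed stand-in for a stopped `systemd-journald.service`.

```c
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>

enum { LOG_OK = 0, LOG_SINK_GONE = 1, LOG_ERROR = -1 };

static int sink_gone;   /* set once the stream has returned EPIPE */

/* Ignore SIGPIPE ourselves: the unit may set IgnoreSIGPIPE=no, or we may run outside systemd. */
static void log_init(void) {
    signal(SIGPIPE, SIG_IGN);
    sink_gone = 0;
}

/* Write one record. journald splits the stream at '\n', so each record ends with one.
 * Messages longer than the buffer are truncated. */
static int log_line(int fd, const char *msg) {
    char buf[512];
    size_t len = strlen(msg), off = 0;

    if (sink_gone)
        return LOG_SINK_GONE;   /* stream cannot recover until the service is restarted */
    if (len > sizeof(buf) - 1)
        len = sizeof(buf) - 1;
    memcpy(buf, msg, len);
    buf[len++] = '\n';
    while (off < len) {
        ssize_t n = write(fd, buf + off, len - off);
        if (n > 0) { off += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && errno == EPIPE) { sink_gone = 1; return LOG_SINK_GONE; }
        return LOG_ERROR;
    }
    return LOG_OK;
}

/* Constructed scenario: the reader (standing in for journald) has gone away. */
static int demo_closed_stream(void) {
    int p[2], first, second;
    if (pipe(p) < 0) return LOG_ERROR;
    log_init();
    close(p[0]);
    first = log_line(p[1], "request handled");   /* write() fails with EPIPE */
    second = log_line(p[1], "still running");     /* skipped, no further write() */
    close(p[1]);
    return (first == LOG_SINK_GONE && second == LOG_SINK_GONE) ? LOG_SINK_GONE : LOG_ERROR;
}

int main(void) {
    return demo_closed_stream() == LOG_SINK_GONE ? 0 : 1;
}
```

The service keeps doing its real work after `LOG_SINK_GONE`; only logging is dropped, which matches the page's statement that the streams are not recovered until the service itself is restarted.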