]>
Commit | Line | Data |
---|---|---|
b47ffcfd | 1 | <?xml version='1.0'?> <!--*-nxml-*--> |
b47ffcfd | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
12b42c76 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
b47ffcfd LP |
4 | |
5 | <!-- | |
6 | This file is part of systemd. | |
7 | ||
8 | Copyright 2010 Lennart Poettering | |
9 | ||
10 | systemd is free software; you can redistribute it and/or modify it | |
5430f7f2 LP |
11 | under the terms of the GNU Lesser General Public License as published by |
12 | the Free Software Foundation; either version 2.1 of the License, or | |
b47ffcfd LP |
13 | (at your option) any later version. |
14 | ||
15 | systemd is distributed in the hope that it will be useful, but | |
16 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
5430f7f2 | 18 | Lesser General Public License for more details. |
b47ffcfd | 19 | |
5430f7f2 | 20 | You should have received a copy of the GNU Lesser General Public License |
b47ffcfd LP |
21 | along with systemd; If not, see <http://www.gnu.org/licenses/>. |
22 | --> | |
23 | ||
a9edaeff | 24 | <refentry id="journald.conf" |
798d3a52 ZJS |
25 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
26 | <refentryinfo> | |
27 | <title>journald.conf</title> | |
28 | <productname>systemd</productname> | |
29 | ||
30 | <authorgroup> | |
31 | <author> | |
32 | <contrib>Developer</contrib> | |
33 | <firstname>Lennart</firstname> | |
34 | <surname>Poettering</surname> | |
35 | <email>lennart@poettering.net</email> | |
36 | </author> | |
37 | </authorgroup> | |
38 | </refentryinfo> | |
39 | ||
40 | <refmeta> | |
41 | <refentrytitle>journald.conf</refentrytitle> | |
42 | <manvolnum>5</manvolnum> | |
43 | </refmeta> | |
44 | ||
45 | <refnamediv> | |
46 | <refname>journald.conf</refname> | |
47 | <refname>journald.conf.d</refname> | |
48 | <refpurpose>Journal service configuration files</refpurpose> | |
49 | </refnamediv> | |
50 | ||
51 | <refsynopsisdiv> | |
12b42c76 TG |
52 | <para><filename>/etc/systemd/journald.conf</filename></para> |
53 | <para><filename>/etc/systemd/journald.conf.d/*.conf</filename></para> | |
798d3a52 | 54 | <para><filename>/run/systemd/journald.conf.d/*.conf</filename></para> |
12b42c76 | 55 | <para><filename>/usr/lib/systemd/journald.conf.d/*.conf</filename></para> |
798d3a52 ZJS |
56 | </refsynopsisdiv> |
57 | ||
58 | <refsect1> | |
59 | <title>Description</title> | |
60 | ||
61 | <para>These files configure various parameters of the systemd | |
62 | journal service, | |
63 | <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> | |
64 | ||
65 | </refsect1> | |
66 | ||
e93549ef | 67 | <xi:include href="standard-conf.xml" xpointer="main-conf" /> |
798d3a52 ZJS |
68 | |
69 | <refsect1> | |
70 | <title>Options</title> | |
71 | ||
72 | <para>All options are configured in the | |
73 | <literal>[Journal]</literal> section:</para> | |
74 | ||
75 | <variablelist> | |
76 | ||
77 | <varlistentry> | |
78 | <term><varname>Storage=</varname></term> | |
79 | ||
80 | <listitem><para>Controls where to store journal data. One of | |
81 | <literal>volatile</literal>, | |
82 | <literal>persistent</literal>, | |
83 | <literal>auto</literal> and | |
84 | <literal>none</literal>. If | |
85 | <literal>volatile</literal>, journal | |
86 | log data will be stored only in memory, i.e. below the | |
87 | <filename>/run/log/journal</filename> hierarchy (which is | |
88 | created if needed). If <literal>persistent</literal>, data | |
89 | will be stored preferably on disk, i.e. below the | |
90 | <filename>/var/log/journal</filename> hierarchy (which is | |
91 | created if needed), with a fallback to | |
92 | <filename>/run/log/journal</filename> (which is created if | |
93 | needed), during early boot and if the disk is not writable. | |
94 | <literal>auto</literal> is similar to | |
95 | <literal>persistent</literal> but the directory | |
96 | <filename>/var/log/journal</filename> is not created if | |
97 | needed, so that its existence controls where log data goes. | |
98 | <literal>none</literal> turns off all storage, all log data | |
99 | received will be dropped. Forwarding to other targets, such as | |
589532d0 | 100 | the console, the kernel log buffer, or a syslog socket will |
798d3a52 ZJS |
101 | still work however. Defaults to |
102 | <literal>auto</literal>.</para></listitem> | |
103 | </varlistentry> | |
104 | ||
105 | <varlistentry> | |
106 | <term><varname>Compress=</varname></term> | |
107 | ||
108 | <listitem><para>Takes a boolean value. If enabled (the | |
109 | default), data objects that shall be stored in the journal and | |
110 | are larger than a certain threshold are compressed before they | |
111 | are written to the file system.</para></listitem> | |
112 | </varlistentry> | |
113 | ||
114 | <varlistentry> | |
115 | <term><varname>Seal=</varname></term> | |
116 | ||
117 | <listitem><para>Takes a boolean value. If enabled (the | |
118 | default), and a sealing key is available (as created by | |
119 | <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s | |
120 | <option>--setup-keys</option> command), Forward Secure Sealing | |
121 | (FSS) for all persistent journal files is enabled. FSS is | |
122 | based on <ulink | |
123 | url="https://eprint.iacr.org/2013/397">Seekable Sequential Key | |
124 | Generators</ulink> by G. A. Marson and B. Poettering | |
125 | (doi:10.1007/978-3-642-40203-6_7) and may be used to protect | |
126 | journal files from unnoticed alteration.</para></listitem> | |
127 | </varlistentry> | |
128 | ||
129 | <varlistentry> | |
130 | <term><varname>SplitMode=</varname></term> | |
131 | ||
91c88615 LP |
132 | <listitem><para>Controls whether to split up journal files per user. Split-up journal files are primarily |
133 | useful for access control: on UNIX/Linux access control is managed per file, and the journal daemon will assign | |
134 | users read access to their journal files. This setting takes one of <literal>uid</literal>, | |
135 | <literal>login</literal> or <literal>none</literal>. If <literal>uid</literal>, all regular users will get each | |
136 | their own journal files regardless of whether their processes possess login sessions or not, however system | |
137 | users will log into the system journal. If <literal>login</literal>, actually logged-in users will get each | |
138 | their own journal files, but users without login session and system users will log into the system | |
139 | journal. Note that in this mode, user code running outside of any login session will log into the system log | |
140 | instead of the split-out user logs. Most importantly, this means that information about core dumps of user | |
141 | processes collected via the | |
142 | <citerefentry><refentrytitle>systemd-coredump</refentrytitle><manvolnum>8</manvolnum></citerefentry> subsystem | |
143 | will end up in the system logs instead of the user logs, and thus not be accessible to the owning users. If | |
144 | <literal>none</literal>, journal files are not split up by user and all messages are instead stored in the | |
145 | single system journal. In this mode unprivileged users generally do not have access to their own log data. Note | |
146 | that splitting up journal files by user is only available for journals stored persistently. If journals are | |
147 | stored on volatile storage (see above), only a single journal file for all user IDs is kept. Defaults to | |
798d3a52 ZJS |
148 | <literal>uid</literal>.</para></listitem> |
149 | </varlistentry> | |
150 | ||
151 | <varlistentry> | |
f0367da7 | 152 | <term><varname>RateLimitIntervalSec=</varname></term> |
798d3a52 ZJS |
153 | <term><varname>RateLimitBurst=</varname></term> |
154 | ||
155 | <listitem><para>Configures the rate limiting that is applied | |
156 | to all messages generated on the system. If, in the time | |
f0367da7 | 157 | interval defined by <varname>RateLimitIntervalSec=</varname>, |
798d3a52 ZJS |
158 | more messages than specified in |
159 | <varname>RateLimitBurst=</varname> are logged by a service, | |
160 | all further messages within the interval are dropped until the | |
161 | interval is over. A message about the number of dropped | |
162 | messages is generated. This rate limiting is applied | |
163 | per-service, so that two services which log do not interfere | |
164 | with each other's limits. Defaults to 1000 messages in 30s. | |
165 | The time specification for | |
f0367da7 | 166 | <varname>RateLimitIntervalSec=</varname> may be specified in the |
798d3a52 ZJS |
167 | following units: <literal>s</literal>, <literal>min</literal>, |
168 | <literal>h</literal>, <literal>ms</literal>, | |
169 | <literal>us</literal>. To turn off any kind of rate limiting, | |
170 | set either value to 0.</para></listitem> | |
171 | </varlistentry> | |
172 | ||
173 | <varlistentry> | |
174 | <term><varname>SystemMaxUse=</varname></term> | |
175 | <term><varname>SystemKeepFree=</varname></term> | |
176 | <term><varname>SystemMaxFileSize=</varname></term> | |
8580d1f7 | 177 | <term><varname>SystemMaxFiles=</varname></term> |
798d3a52 ZJS |
178 | <term><varname>RuntimeMaxUse=</varname></term> |
179 | <term><varname>RuntimeKeepFree=</varname></term> | |
180 | <term><varname>RuntimeMaxFileSize=</varname></term> | |
8580d1f7 | 181 | <term><varname>RuntimeMaxFiles=</varname></term> |
798d3a52 ZJS |
182 | |
183 | <listitem><para>Enforce size limits on the journal files | |
184 | stored. The options prefixed with <literal>System</literal> | |
185 | apply to the journal files when stored on a persistent file | |
186 | system, more specifically | |
187 | <filename>/var/log/journal</filename>. The options prefixed | |
188 | with <literal>Runtime</literal> apply to the journal files | |
189 | when stored on a volatile in-memory file system, more | |
190 | specifically <filename>/run/log/journal</filename>. The former | |
191 | is used only when <filename>/var</filename> is mounted, | |
192 | writable, and the directory | |
193 | <filename>/var/log/journal</filename> exists. Otherwise, only | |
194 | the latter applies. Note that this means that during early | |
195 | boot and if the administrator disabled persistent logging, | |
196 | only the latter options apply, while the former apply if | |
197 | persistent logging is enabled and the system is fully booted | |
198 | up. <command>journalctl</command> and | |
199 | <command>systemd-journald</command> ignore all files with | |
200 | names not ending with <literal>.journal</literal> or | |
201 | <literal>.journal~</literal>, so only such files, located in | |
202 | the appropriate directories, are taken into account when | |
8580d1f7 | 203 | calculating current disk usage.</para> |
798d3a52 ZJS |
204 | |
205 | <para><varname>SystemMaxUse=</varname> and | |
206 | <varname>RuntimeMaxUse=</varname> control how much disk space | |
a8eaaee7 | 207 | the journal may use up at most. |
798d3a52 ZJS |
208 | <varname>SystemKeepFree=</varname> and |
209 | <varname>RuntimeKeepFree=</varname> control how much disk | |
210 | space systemd-journald shall leave free for other uses. | |
211 | <command>systemd-journald</command> will respect both limits | |
212 | and use the smaller of the two values.</para> | |
213 | ||
214 | <para>The first pair defaults to 10% and the second to 15% of | |
32252660 LP |
215 | the size of the respective file system, but each value is |
216 | capped to 4G. If the file system is nearly full and either | |
217 | <varname>SystemKeepFree=</varname> or | |
8580d1f7 LP |
218 | <varname>RuntimeKeepFree=</varname> are violated when |
219 | systemd-journald is started, the limit will be raised to the | |
798d3a52 ZJS |
220 | percentage that is actually free. This means that if there was |
221 | enough free space before and journal files were created, and | |
222 | subsequently something else causes the file system to fill up, | |
223 | journald will stop using more space, but it will not be | |
a8eaaee7 | 224 | removing existing files to reduce the footprint again, |
8580d1f7 | 225 | either.</para> |
798d3a52 | 226 | |
589532d0 ZJS |
227 | <para><varname>SystemMaxFileSize=</varname> and |
228 | <varname>RuntimeMaxFileSize=</varname> control how large | |
a8eaaee7 | 229 | individual journal files may grow at most. This influences |
589532d0 ZJS |
230 | the granularity in which disk space is made available through |
231 | rotation, i.e. deletion of historic data. Defaults to one | |
232 | eighth of the values configured with | |
798d3a52 | 233 | <varname>SystemMaxUse=</varname> and |
589532d0 | 234 | <varname>RuntimeMaxUse=</varname>, so that usually seven |
8580d1f7 | 235 | rotated journal files are kept as history.</para> |
b6872d3a JS |
236 | |
237 | <para>Specify values in bytes or use K, M, G, T, P, E as | |
b938cb90 | 238 | units for the specified sizes (equal to 1024, 1024², ... bytes). |
b6872d3a JS |
239 | Note that size limits are enforced synchronously when journal |
240 | files are extended, and no explicit rotation step triggered by | |
241 | time is needed.</para> | |
8580d1f7 LP |
242 | |
243 | <para><varname>SystemMaxFiles=</varname> and | |
244 | <varname>RuntimeMaxFiles=</varname> control how many | |
a8eaaee7 | 245 | individual journal files to keep at most. Note that only |
8580d1f7 LP |
246 | archived files are deleted to reduce the number of files until |
247 | this limit is reached; active files will stay around. This | |
b938cb90 | 248 | means that, in effect, there might still be more journal files |
8580d1f7 LP |
249 | around in total than this limit after a vacuuming operation is |
250 | complete. This setting defaults to 100.</para></listitem> | |
798d3a52 ZJS |
251 | </varlistentry> |
252 | ||
253 | <varlistentry> | |
254 | <term><varname>MaxFileSec=</varname></term> | |
255 | ||
256 | <listitem><para>The maximum time to store entries in a single | |
257 | journal file before rotating to the next one. Normally, | |
258 | time-based rotation should not be required as size-based | |
259 | rotation with options such as | |
260 | <varname>SystemMaxFileSize=</varname> should be sufficient to | |
261 | ensure that journal files do not grow without bounds. However, | |
262 | to ensure that not too much data is lost at once when old | |
263 | journal files are deleted, it might make sense to change this | |
264 | value from the default of one month. Set to 0 to turn off this | |
265 | feature. This setting takes time values which may be suffixed | |
266 | with the units <literal>year</literal>, | |
267 | <literal>month</literal>, <literal>week</literal>, | |
268 | <literal>day</literal>, <literal>h</literal> or | |
269 | <literal>m</literal> to override the default time unit of | |
270 | seconds.</para></listitem> | |
271 | </varlistentry> | |
272 | ||
273 | <varlistentry> | |
274 | <term><varname>MaxRetentionSec=</varname></term> | |
275 | ||
276 | <listitem><para>The maximum time to store journal entries. | |
277 | This controls whether journal files containing entries older | |
278 | then the specified time span are deleted. Normally, time-based | |
279 | deletion of old journal files should not be required as | |
280 | size-based deletion with options such as | |
281 | <varname>SystemMaxUse=</varname> should be sufficient to | |
282 | ensure that journal files do not grow without bounds. However, | |
283 | to enforce data retention policies, it might make sense to | |
284 | change this value from the default of 0 (which turns off this | |
285 | feature). This setting also takes time values which may be | |
286 | suffixed with the units <literal>year</literal>, | |
287 | <literal>month</literal>, <literal>week</literal>, | |
288 | <literal>day</literal>, <literal>h</literal> or <literal> | |
289 | m</literal> to override the default time unit of | |
290 | seconds.</para></listitem> | |
291 | </varlistentry> | |
292 | ||
293 | ||
294 | <varlistentry> | |
295 | <term><varname>SyncIntervalSec=</varname></term> | |
296 | ||
297 | <listitem><para>The timeout before synchronizing journal files | |
298 | to disk. After syncing, journal files are placed in the | |
299 | OFFLINE state. Note that syncing is unconditionally done | |
300 | immediately after a log message of priority CRIT, ALERT or | |
301 | EMERG has been logged. This setting hence applies only to | |
302 | messages of the levels ERR, WARNING, NOTICE, INFO, DEBUG. The | |
303 | default timeout is 5 minutes. </para></listitem> | |
304 | </varlistentry> | |
305 | ||
306 | <varlistentry> | |
307 | <term><varname>ForwardToSyslog=</varname></term> | |
308 | <term><varname>ForwardToKMsg=</varname></term> | |
309 | <term><varname>ForwardToConsole=</varname></term> | |
310 | <term><varname>ForwardToWall=</varname></term> | |
311 | ||
312 | <listitem><para>Control whether log messages received by the | |
313 | journal daemon shall be forwarded to a traditional syslog | |
314 | daemon, to the kernel log buffer (kmsg), to the system | |
315 | console, or sent as wall messages to all logged-in users. | |
316 | These options take boolean arguments. If forwarding to syslog | |
589532d0 ZJS |
317 | is enabled but nothing reads messages from the socket, |
318 | forwarding to syslog has no effect. By default, only | |
319 | forwarding to wall is enabled. These settings may be | |
320 | overridden at boot time with the kernel command line options | |
798d3a52 ZJS |
321 | <literal>systemd.journald.forward_to_syslog=</literal>, |
322 | <literal>systemd.journald.forward_to_kmsg=</literal>, | |
589532d0 | 323 | <literal>systemd.journald.forward_to_console=</literal>, and |
798d3a52 ZJS |
324 | <literal>systemd.journald.forward_to_wall=</literal>. When |
325 | forwarding to the console, the TTY to log to can be changed | |
326 | with <varname>TTYPath=</varname>, described | |
327 | below.</para></listitem> | |
328 | </varlistentry> | |
329 | ||
330 | <varlistentry> | |
331 | <term><varname>MaxLevelStore=</varname></term> | |
332 | <term><varname>MaxLevelSyslog=</varname></term> | |
333 | <term><varname>MaxLevelKMsg=</varname></term> | |
334 | <term><varname>MaxLevelConsole=</varname></term> | |
335 | <term><varname>MaxLevelWall=</varname></term> | |
336 | ||
337 | <listitem><para>Controls the maximum log level of messages | |
338 | that are stored on disk, forwarded to syslog, kmsg, the | |
339 | console or wall (if that is enabled, see above). As argument, | |
340 | takes one of | |
341 | <literal>emerg</literal>, | |
342 | <literal>alert</literal>, | |
343 | <literal>crit</literal>, | |
344 | <literal>err</literal>, | |
345 | <literal>warning</literal>, | |
346 | <literal>notice</literal>, | |
347 | <literal>info</literal>, | |
348 | <literal>debug</literal>, | |
b938cb90 | 349 | or integer values in the range of 0–7 (corresponding to the |
798d3a52 ZJS |
350 | same levels). Messages equal or below the log level specified |
351 | are stored/forwarded, messages above are dropped. Defaults to | |
352 | <literal>debug</literal> for <varname>MaxLevelStore=</varname> | |
353 | and <varname>MaxLevelSyslog=</varname>, to ensure that the all | |
354 | messages are written to disk and forwarded to syslog. Defaults | |
355 | to | |
356 | <literal>notice</literal> for <varname>MaxLevelKMsg=</varname>, | |
357 | <literal>info</literal> for <varname>MaxLevelConsole=</varname>, | |
358 | and <literal>emerg</literal> for | |
359 | <varname>MaxLevelWall=</varname>.</para></listitem> | |
360 | </varlistentry> | |
361 | ||
362 | <varlistentry> | |
363 | <term><varname>TTYPath=</varname></term> | |
364 | ||
365 | <listitem><para>Change the console TTY to use if | |
366 | <varname>ForwardToConsole=yes</varname> is used. Defaults to | |
367 | <filename>/dev/console</filename>.</para></listitem> | |
368 | </varlistentry> | |
369 | ||
370 | </variablelist> | |
371 | ||
372 | </refsect1> | |
373 | ||
589532d0 ZJS |
374 | <refsect1> |
375 | <title>Forwarding to traditional syslog daemons</title> | |
376 | ||
377 | <para> | |
7703bd4d | 378 | Journal events can be transferred to a different logging daemon |
a8eaaee7 | 379 | in two different ways. With the first method, messages are |
589532d0 ZJS |
380 | immediately forwarded to a socket |
381 | (<filename>/run/systemd/journal/syslog</filename>), where the | |
382 | traditional syslog daemon can read them. This method is | |
a8eaaee7 | 383 | controlled by the <varname>ForwardToSyslog=</varname> option. With a |
589532d0 ZJS |
384 | second method, a syslog daemon behaves like a normal journal |
385 | client, and reads messages from the journal files, similarly to | |
386 | <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
a8eaaee7 | 387 | With this, messages do not have to be read immediately, |
589532d0 ZJS |
388 | which allows a logging daemon which is only started late in boot |
389 | to access all messages since the start of the system. In | |
390 | addition, full structured meta-data is available to it. This | |
391 | method of course is available only if the messages are stored in | |
7703bd4d | 392 | a journal file at all. So it will not work if |
589532d0 | 393 | <varname>Storage=none</varname> is set. It should be noted that |
7703bd4d | 394 | usually the <emphasis>second</emphasis> method is used by syslog |
589532d0 ZJS |
395 | daemons, so the <varname>Storage=</varname> option, and not the |
396 | <varname>ForwardToSyslog=</varname> option, is relevant for them. | |
397 | </para> | |
398 | </refsect1> | |
399 | ||
798d3a52 ZJS |
400 | <refsect1> |
401 | <title>See Also</title> | |
402 | <para> | |
403 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
404 | <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
405 | <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
406 | <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
407 | <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
408 | </para> | |
409 | </refsect1> | |
b47ffcfd LP |
410 | |
411 | </refentry> |