<para>These files configure various parameters of the systemd journal service,
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
See
- <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for a general description of the syntax.</para>
<para>The <command>systemd-journald</command> instance managing the default namespace is configured by
<title>Options</title>
<para>All options are configured in the
- <literal>[Journal]</literal> section:</para>
+ [Journal] section:</para>
<variablelist class='config-directives'>
<literal>us</literal>. To turn off any kind of rate limiting,
set either value to 0.</para>
- <para>Note that the effective rate limit is multiplied with a
+ <para>Note that the effective rate limit is multiplied by a
factor derived from the available free disk space for the journal.
Currently, this factor is calculated using the base 2 logarithm.</para>
<varname>TTYPath=</varname>, described below.</para>
<para>When forwarding to the kernel log buffer (kmsg), make sure to select a suitably large size for
- the log buffer, and ensure the kernel's rate-limiting applied to userspace processes is turned
- off. Specifically, add <literal>log_buf_len=8M</literal> and <literal>printk.devkmsg=on</literal> (or
- similar) to the kernel command line.</para></listitem>
+ the log buffer, for example by adding <literal>log_buf_len=8M</literal> to the kernel command line.
+ <command>systemd</command> will automatically disable kernel's rate-limiting applied to userspace
+ processes (equivalent to setting <literal>printk.devkmsg=on</literal>).</para></listitem>
</varlistentry>
<varlistentry>
this option is enabled by default, it is disabled in all others.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>Audit=</varname></term>
+
+ <listitem><para>Takes a boolean value. If enabled <command>systemd-journal</command> will turn on
+ kernel auditing on start-up. If disabled it will turn it off. If unset it will neither enable nor
+ disable it, leaving the previous state unchanged. Note that this option does not control whether
+ <command>systemd-journald</command> collects generated audit records, it just controls whether it
+ tells the kernel to generate them. This means if another tool turns on auditing even if
+ <command>systemd-journald</command> left it off, it will still collect the generated
+ messages. Defaults to on.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>TTYPath=</varname></term>