<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
-<!-- SPDX-License-Identifier: LGPL-2.1+ -->
+<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
-<refentry id="systemd-journald.service">
+<refentry id="systemd-journald.service"
+ xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>systemd-journald.service</title>
<refname>systemd-journald.socket</refname>
<refname>systemd-journald-dev-log.socket</refname>
<refname>systemd-journald-audit.socket</refname>
+ <refname>systemd-journald@.service</refname>
+ <refname>systemd-journald@.socket</refname>
+ <refname>systemd-journald-varlink@.socket</refname>
<refname>systemd-journald</refname>
<refpurpose>Journal service</refpurpose>
</refnamediv>
<refsynopsisdiv>
- <para><filename>systemd-journald.service</filename></para>
- <para><filename>systemd-journald.socket</filename></para>
- <para><filename>systemd-journald-dev-log.socket</filename></para>
- <para><filename>systemd-journald-audit.socket</filename></para>
- <para><filename>/usr/lib/systemd/systemd-journald</filename></para>
+ <para><simplelist>
+ <member><filename>systemd-journald.service</filename></member>
+ <member><filename>systemd-journald.socket</filename></member>
+ <member><filename>systemd-journald-dev-log.socket</filename></member>
+ <member><filename>systemd-journald-audit.socket</filename></member>
+ <member><filename>systemd-journald@.service</filename></member>
+ <member><filename>systemd-journald@.socket</filename></member>
+ <member><filename>systemd-journald-varlink@.socket</filename></member>
+ <member><filename>/usr/lib/systemd/systemd-journald</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
call</para></listitem>
- <listitem><para>Structured system log messages via the native
- Journal API, see
- <citerefentry><refentrytitle>sd_journal_print</refentrytitle><manvolnum>3</manvolnum></citerefentry></para></listitem>
+ <listitem><para>Structured system log messages via the native Journal API, see
+ <citerefentry><refentrytitle>sd_journal_print</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ and <ulink url="https://systemd.io/JOURNAL_NATIVE_PROTOCOL">Native Journal
+ Protocol</ulink></para></listitem>
<listitem><para>Standard output and standard error of service units. For further details see
below.</para></listitem>
</para>
<para>Log data collected by the journal is primarily text-based but can also include binary data where
- necessary. Individual fields making up a log record stored in the journal may be up to 2^64-1 bytes in size.</para>
+ necessary. Individual fields making up a log record stored in the journal may be up to 2⁶⁴-1 bytes in size.</para>
<para>The journal service stores log data either persistently below <filename>/var/log/journal</filename> or in a
volatile way below <filename>/run/log/journal/</filename> (in the latter case it is lost at reboot). By default, log
<citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> to configure
where log data is placed, independently of the existence of <filename>/var/log/journal/</filename>.</para>
+ <para>Note that journald will initially use volatile storage, until a call to
+ <command>journalctl --flush</command> (or sending <constant>SIGUSR1</constant> to journald) will cause
+ it to switch to persistent logging (under the conditions mentioned above). This is done automatically
+ on boot via <literal>systemd-journal-flush.service</literal>.</para>
+
<para>On systems where <filename>/var/log/journal/</filename> does not exist yet but where persistent logging is
desired (and the default <filename>journald.conf</filename> is used), it is sufficient to create the directory, and
ensure it has the correct access modes and ownership:</para>
errors. In order to react gracefully in this case it is recommended that programs logging to standard output/error
ignore such errors. If the <constant>SIGPIPE</constant> UNIX signal handler is not blocked or turned off, such
write attempts will also result in such process signals being generated, see
- <citerefentry><refentrytitle>signal</refentrytitle><manvolnum>7</manvolnum></citerefentry>. To mitigate this issue,
- systemd service manager explicitly turns off the <constant>SIGPIPE</constant> signal for all invoked processes by
- default (this may be changed for each unit individually via the <varname>IgnoreSIGPIPE=</varname> option, see
+ <citerefentry project='man-pages'><refentrytitle>signal</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
+ To mitigate this issue, systemd service manager explicitly turns off the <constant>SIGPIPE</constant>
+ signal for all invoked processes by default (this may be changed for each unit individually via the
+ <varname>IgnoreSIGPIPE=</varname> option, see
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
- details). After the standard output/standard error streams have been terminated they may not be recovered until the
- services they are associated with are restarted. Note that during normal operation,
- <filename>systemd-journald.service</filename> stores copies of the file descriptors for those streams in the
- service manager. If <filename>systemd-journald.service</filename> is restarted using <command>systemctl
- restart</command> or equivalent operation instead of a pair of separate <command>systemctl stop</command> and
- <command>systemctl start</command> commands (or equivalent operations), these stream connections are not terminated
- and survive the restart. It is thus safe to restart <filename>systemd-journald.service</filename>, but stopping it
- is not recommended.</para>
+ details). After the standard output/standard error streams have been terminated they may not be recovered
+ until the services they are associated with are restarted. Note that during normal operation,
+ <filename>systemd-journald.service</filename> stores copies of the file descriptors for those streams in
+ the service manager. If <filename>systemd-journald.service</filename> is restarted using
+ <command>systemctl restart</command> or equivalent operation instead of a pair of separate
+ <command>systemctl stop</command> and <command>systemctl start</command> commands (or equivalent
+ operations), these stream connections are not terminated and survive the restart. It is thus safe to
+ restart <filename>systemd-journald.service</filename>, but stopping it is not recommended.</para>
<para>Note that the log record metadata for records transferred via such standard output/error streams reflect the
metadata of the peer the stream was originally created for. If the stream connection is passed on to other
<constant>EPIPE</constant> right from the beginning.</para>
</refsect1>
+ <refsect1>
+ <title>Journal Namespaces</title>
+
+ <para>Journal 'namespaces' are both a mechanism for logically isolating the log stream of projects
+ consisting of one or more services from the rest of the system and a mechanism for improving
+ performance. Multiple journal namespaces may exist simultaneously, each defining its own, independent log
+ stream managed by its own instance of <command>systemd-journald</command>. Namespaces are independent of
+ each other, both in the data store and in the IPC interface. By default only a single 'default' namespace
+ exists, managed by <filename>systemd-journald.service</filename> (and its associated socket
+ units). Additional namespaces are created by starting an instance of the
+ <filename>systemd-journald@.service</filename> service template. The instance name is the namespace
+ identifier, which is a short string used for referencing the journal namespace. Service units may be
+ assigned to a specific journal namespace through the <varname>LogNamespace=</varname> unit file setting,
+ see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+ details. The <option>--namespace=</option> switch of
+ <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> may be
+ used to view the log stream of a specific namespace. If the switch is not used the log stream of the
+ default namespace is shown, i.e. log data from other namespaces is not visible.</para>
+
+ <para>Services associated with a specific log namespace may log via syslog, the native logging protocol
+ of the journal and via stdout/stderr; the logging from all three transports is associated with the
+ namespace.</para>
+
+ <para>By default only the default namespace will collect kernel and audit log messages.</para>
+
+ <para>The <command>systemd-journald</command> instance of the default namespace is configured through
+ <filename>/etc/systemd/journald.conf</filename> (see below), while the other instances are configured
+ through <filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf</filename>. The journal
+ log data for the default namespace is placed in
+ <filename>/var/log/journal/<replaceable>MACHINE_ID</replaceable></filename> (see below) while the data
+ for the other namespaces is located in
+ <filename>/var/log/journal/<replaceable>MACHINE_ID</replaceable>.<replaceable>NAMESPACE</replaceable></filename>.</para>
+ </refsect1>
+
<refsect1>
<title>Signals</title>
<listitem><para>Request that journal data from <filename>/run/</filename> is flushed to
<filename>/var/</filename> in order to make it persistent (if this is enabled). This must be used
- after <filename>/var/</filename> is mounted, as otherwise log data from <filename>/run</filename> is
- never flushed to <filename>/var</filename> regardless of the configuration. Use the
+ after <filename>/var/</filename> is mounted, as otherwise log data from <filename>/run/</filename> is
+ never flushed to <filename>/var/</filename> regardless of the configuration. Use the
<command>journalctl --flush</command> command to request flushing of the journal files, and wait for
the operation to complete. See
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
- details.</para></listitem>
+ details.</para>
+
+ <xi:include href="version-info.xml" xpointer="v186"/></listitem>
</varlistentry>
<varlistentry>
<listitem><para>Request immediate rotation of the journal files. Use the <command>journalctl
--rotate</command> command to request journal file rotation, and wait for the operation to
- complete.</para></listitem>
+ complete.</para>
+
+ <xi:include href="version-info.xml" xpointer="v186"/></listitem>
</varlistentry>
<varlistentry>
<listitem><para>Request that all unwritten log data is written to disk. Use the <command>journalctl
--sync</command> command to trigger journal synchronization, and wait for the operation to
- complete.</para></listitem>
+ complete.</para>
+
+ <xi:include href="version-info.xml" xpointer="v228"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<para>See
<citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for information about these settings.</para>
+
+ <xi:include href="version-info.xml" xpointer="v186"/>
</listitem>
</varlistentry>
</variablelist>
+
+ <para>Note that these kernel command line options are only honoured by the default namespace, see
+ above.</para>
</refsect1>
<refsect1>
<listitem><para>Configure <command>systemd-journald</command> behavior. See
<citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
- </para></listitem>
+ </para>
+
+ <xi:include href="version-info.xml" xpointer="v206"/></listitem>
</varlistentry>
<varlistentry>
stopped uncleanly, or if the files are found to be corrupted,
they are renamed using the <literal>.journal~</literal>
suffix, and <command>systemd-journald</command> starts writing
- to a new file. <filename>/run</filename> is used when
+ to a new file. <filename>/run/</filename> is used when
<filename>/var/log/journal</filename> is not available, or
when <option>Storage=volatile</option> is set in the
<citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
archived journal files to limit disk use. See <varname>SystemMaxUse=</varname>
and related settings in
<citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
- </para></listitem>
+ </para>
+
+ <xi:include href="version-info.xml" xpointer="v206"/></listitem>
</varlistentry>
<varlistentry>
<term><filename>/run/systemd/journal/socket</filename></term>
<term><filename>/run/systemd/journal/stdout</filename></term>
- <listitem><para>Sockets and other paths that
- <command>systemd-journald</command> will listen on that are
- visible in the file system. In addition to these, journald can
- listen for audit events using netlink.</para></listitem>
+ <listitem><para>Sockets and other file node paths that <command>systemd-journald</command> will
+ listen on and are visible in the file system. In addition to these,
+ <command>systemd-journald</command> can listen for audit events using <citerefentry
+ project='man-pages'><refentrytitle>netlink</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ depending on whether <literal>systemd-journald-audit.socket</literal> is enabled or
+ not.</para>
+
+ <xi:include href="version-info.xml" xpointer="v228"/></listitem>
</varlistentry>
</variablelist>
+
+ <para>If journal namespacing is used these paths are slightly altered to include a namespace identifier, see above.</para>
</refsect1>
<refsect1>
<citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd-journal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-coredump</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
- <citerefentry project='die-net'><refentrytitle>setfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>setfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_journal_print</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<command>pydoc systemd.journal</command>
</para>
projects / thirdparty / systemd.git / blobdiff