Commit | Line | Data |
---|---|---|
b47ffcfd | 1 | <?xml version='1.0'?> <!--*-nxml-*--> |
b47ffcfd | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
12b42c76 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
b47ffcfd LP |
4 | |
5 | <!-- | |
572eb058 | 6 | SPDX-License-Identifier: LGPL-2.1+ |
b47ffcfd LP |
7 | --> |
8 | ||
a9edaeff | 9 | <refentry id="journald.conf" |
798d3a52 ZJS |
10 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
11 | <refentryinfo> | |
12 | <title>journald.conf</title> | |
13 | <productname>systemd</productname> | |
798d3a52 ZJS |
14 | </refentryinfo> |
15 | ||
16 | <refmeta> | |
17 | <refentrytitle>journald.conf</refentrytitle> | |
18 | <manvolnum>5</manvolnum> | |
19 | </refmeta> | |
20 | ||
21 | <refnamediv> | |
22 | <refname>journald.conf</refname> | |
23 | <refname>journald.conf.d</refname> | |
24 | <refpurpose>Journal service configuration files</refpurpose> | |
25 | </refnamediv> | |
26 | ||
27 | <refsynopsisdiv> | |
12b42c76 TG |
28 | <para><filename>/etc/systemd/journald.conf</filename></para> |
29 | <para><filename>/etc/systemd/journald.conf.d/*.conf</filename></para> | |
798d3a52 | 30 | <para><filename>/run/systemd/journald.conf.d/*.conf</filename></para> |
12b42c76 | 31 | <para><filename>/usr/lib/systemd/journald.conf.d/*.conf</filename></para> |
798d3a52 ZJS |
32 | </refsynopsisdiv> |
33 | ||
34 | <refsect1> | |
35 | <title>Description</title> | |
36 | ||
0f943ae4 ZJS |
37 | <para>These files configure various parameters of the systemd journal service, |
38 | <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
39 | See | |
40 | <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
41 | for a general description of the syntax.</para> | |
798d3a52 ZJS |
42 | |
43 | </refsect1> | |
44 | ||
e93549ef | 45 | <xi:include href="standard-conf.xml" xpointer="main-conf" /> |
798d3a52 ZJS |
46 | |
47 | <refsect1> | |
48 | <title>Options</title> | |
49 | ||
50 | <para>All options are configured in the | |
51 | <literal>[Journal]</literal> section:</para> | |
52 | ||
53 | <variablelist> | |
54 | ||
55 | <varlistentry> | |
56 | <term><varname>Storage=</varname></term> | |
57 | ||
58 | <listitem><para>Controls where to store journal data. One of | |
59 | <literal>volatile</literal>, | |
60 | <literal>persistent</literal>, | |
61 | <literal>auto</literal> and | |
62 | <literal>none</literal>. If | |
63 | <literal>volatile</literal>, journal | |
64 | log data will be stored only in memory, i.e. below the | |
65 | <filename>/run/log/journal</filename> hierarchy (which is | |
66 | created if needed). If <literal>persistent</literal>, data | |
67 | will be stored preferably on disk, i.e. below the | |
68 | <filename>/var/log/journal</filename> hierarchy (which is | |
69 | created if needed), with a fallback to | |
70 | <filename>/run/log/journal</filename> (which is created if | |
71 | needed), during early boot and if the disk is not writable. | |
72 | <literal>auto</literal> is similar to | |
73 | <literal>persistent</literal> but the directory | |
74 | <filename>/var/log/journal</filename> is not created if | |
75 | needed, so that its existence controls where log data goes. | |
76 | <literal>none</literal> turns off all storage; all log data | |
77 | received will be dropped. Forwarding to other targets, such as | |
589532d0 | 78 | the console, the kernel log buffer, or a syslog socket will |
798d3a52 ZJS |
79 | still work however. Defaults to |
80 | <literal>auto</literal>.</para></listitem> | |
81 | </varlistentry> | |
82 | ||
83 | <varlistentry> | |
84 | <term><varname>Compress=</varname></term> | |
85 | ||
1b7cf0e5 AG |
86 | <listitem><para>Can take a boolean value. If enabled (the |
87 | default), data objects that shall be stored in the journal | |
88 | and are larger than the default threshold of 512 bytes are | |
89 | compressed before they are written to the file system. It | |
90 | can also be set to a number of bytes to specify the | |
91 | compression threshold directly. Suffixes like K, M, and G | |
92 | can be used to specify larger units.</para></listitem> | |
798d3a52 ZJS |
93 | </varlistentry> |
94 | ||
95 | <varlistentry> | |
96 | <term><varname>Seal=</varname></term> | |
97 | ||
98 | <listitem><para>Takes a boolean value. If enabled (the | |
99 | default), and a sealing key is available (as created by | |
100 | <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s | |
101 | <option>--setup-keys</option> command), Forward Secure Sealing | |
102 | (FSS) for all persistent journal files is enabled. FSS is | |
103 | based on <ulink | |
104 | url="https://eprint.iacr.org/2013/397">Seekable Sequential Key | |
105 | Generators</ulink> by G. A. Marson and B. Poettering | |
106 | (doi:10.1007/978-3-642-40203-6_7) and may be used to protect | |
107 | journal files from unnoticed alteration.</para></listitem> | |
108 | </varlistentry> | |
109 | ||
110 | <varlistentry> | |
111 | <term><varname>SplitMode=</varname></term> | |
112 | ||
76153ad4 ZJS |
113 | <listitem><para>Controls whether to split up journal files per user, either <literal>uid</literal> or |
114 | <literal>none</literal>. Split journal files are primarily useful for access control: on UNIX/Linux access | |
115 | control is managed per file, and the journal daemon will assign users read access to their journal files. If | |
116 | <literal>uid</literal>, all regular users will each get their own journal files, and system users will log to | |
117 | the system journal. If <literal>none</literal>, journal files are not split up by user and all messages are | |
118 | instead stored in the single system journal. In this mode unprivileged users generally do not have access to | |
119 | their own log data. Note that splitting up journal files by user is only available for journals stored | |
120 | persistently. If journals are stored on volatile storage (see <varname>Storage=</varname> above), only a single | |
121 | journal file is used. Defaults to <literal>uid</literal>.</para></listitem> | |
798d3a52 ZJS |
122 | </varlistentry> |
123 | ||
124 | <varlistentry> | |
f0367da7 | 125 | <term><varname>RateLimitIntervalSec=</varname></term> |
798d3a52 ZJS |
126 | <term><varname>RateLimitBurst=</varname></term> |
127 | ||
128 | <listitem><para>Configures the rate limiting that is applied | |
129 | to all messages generated on the system. If, in the time | |
f0367da7 | 130 | interval defined by <varname>RateLimitIntervalSec=</varname>, |
798d3a52 ZJS |
131 | more messages than specified in |
132 | <varname>RateLimitBurst=</varname> are logged by a service, | |
133 | all further messages within the interval are dropped until the | |
134 | interval is over. A message about the number of dropped | |
135 | messages is generated. This rate limiting is applied | |
136 | per-service, so that two services which log do not interfere | |
3de8ff5a | 137 | with each other's limits. Defaults to 10000 messages in 30s. |
798d3a52 | 138 | The time specification for |
f0367da7 | 139 | <varname>RateLimitIntervalSec=</varname> may be specified in the |
798d3a52 ZJS |
140 | following units: <literal>s</literal>, <literal>min</literal>, |
141 | <literal>h</literal>, <literal>ms</literal>, | |
142 | <literal>us</literal>. To turn off any kind of rate limiting, | |
143 | set either value to 0.</para></listitem> | |
144 | </varlistentry> | |
145 | ||
146 | <varlistentry> | |
147 | <term><varname>SystemMaxUse=</varname></term> | |
148 | <term><varname>SystemKeepFree=</varname></term> | |
149 | <term><varname>SystemMaxFileSize=</varname></term> | |
8580d1f7 | 150 | <term><varname>SystemMaxFiles=</varname></term> |
798d3a52 ZJS |
151 | <term><varname>RuntimeMaxUse=</varname></term> |
152 | <term><varname>RuntimeKeepFree=</varname></term> | |
153 | <term><varname>RuntimeMaxFileSize=</varname></term> | |
8580d1f7 | 154 | <term><varname>RuntimeMaxFiles=</varname></term> |
798d3a52 ZJS |
155 | |
156 | <listitem><para>Enforce size limits on the journal files | |
157 | stored. The options prefixed with <literal>System</literal> | |
158 | apply to the journal files when stored on a persistent file | |
159 | system, more specifically | |
160 | <filename>/var/log/journal</filename>. The options prefixed | |
161 | with <literal>Runtime</literal> apply to the journal files | |
162 | when stored on a volatile in-memory file system, more | |
163 | specifically <filename>/run/log/journal</filename>. The former | |
164 | is used only when <filename>/var</filename> is mounted, | |
165 | writable, and the directory | |
166 | <filename>/var/log/journal</filename> exists. Otherwise, only | |
167 | the latter applies. Note that this means that during early | |
168 | boot and if the administrator disabled persistent logging, | |
169 | only the latter options apply, while the former apply if | |
170 | persistent logging is enabled and the system is fully booted | |
171 | up. <command>journalctl</command> and | |
172 | <command>systemd-journald</command> ignore all files with | |
173 | names not ending with <literal>.journal</literal> or | |
174 | <literal>.journal~</literal>, so only such files, located in | |
175 | the appropriate directories, are taken into account when | |
8580d1f7 | 176 | calculating current disk usage.</para> |
798d3a52 ZJS |
177 | |
178 | <para><varname>SystemMaxUse=</varname> and | |
179 | <varname>RuntimeMaxUse=</varname> control how much disk space | |
a8eaaee7 | 180 | the journal may use up at most. |
798d3a52 ZJS |
181 | <varname>SystemKeepFree=</varname> and |
182 | <varname>RuntimeKeepFree=</varname> control how much disk | |
183 | space systemd-journald shall leave free for other uses. | |
184 | <command>systemd-journald</command> will respect both limits | |
185 | and use the smaller of the two values.</para> | |
186 | ||
187 | <para>The first pair defaults to 10% and the second to 15% of | |
32252660 LP |
188 | the size of the respective file system, but each value is |
189 | capped to 4G. If the file system is nearly full and either | |
190 | <varname>SystemKeepFree=</varname> or | |
8580d1f7 LP |
191 | <varname>RuntimeKeepFree=</varname> is violated when |
192 | systemd-journald is started, the limit will be raised to the | |
798d3a52 ZJS |
193 | percentage that is actually free. This means that if there was |
194 | enough free space before and journal files were created, and | |
195 | subsequently something else causes the file system to fill up, | |
196 | journald will stop using more space, but it will not be | |
a8eaaee7 | 197 | removing existing files to reduce the footprint again, |
1a0d353b MK |
198 | either. Also note that only archived files are deleted to reduce the |
199 | space occupied by journal files. This means that, in effect, there might | |
200 | still be more space used than the <varname>SystemMaxUse=</varname> or | |
201 | <varname>RuntimeMaxUse=</varname> limit after a vacuuming operation is | |
202 | complete.</para> | |
798d3a52 | 203 | |
589532d0 ZJS |
204 | <para><varname>SystemMaxFileSize=</varname> and |
205 | <varname>RuntimeMaxFileSize=</varname> control how large | |
a8eaaee7 | 206 | individual journal files may grow at most. This influences |
589532d0 ZJS |
207 | the granularity in which disk space is made available through |
208 | rotation, i.e. deletion of historic data. Defaults to one | |
209 | eighth of the values configured with | |
798d3a52 | 210 | <varname>SystemMaxUse=</varname> and |
589532d0 | 211 | <varname>RuntimeMaxUse=</varname>, so that usually seven |
8580d1f7 | 212 | rotated journal files are kept as history.</para> |
b6872d3a JS |
213 | |
214 | <para>Specify values in bytes or use K, M, G, T, P, E as | |
1eecafb8 | 215 | units for the specified sizes (equal to 1024, 1024², … bytes). |
b6872d3a JS |
216 | Note that size limits are enforced synchronously when journal |
217 | files are extended, and no explicit rotation step triggered by | |
218 | time is needed.</para> | |
8580d1f7 LP |
219 | |
220 | <para><varname>SystemMaxFiles=</varname> and | |
221 | <varname>RuntimeMaxFiles=</varname> control how many | |
a8eaaee7 | 222 | individual journal files to keep at most. Note that only |
8580d1f7 LP |
223 | archived files are deleted to reduce the number of files until |
224 | this limit is reached; active files will stay around. This | |
b938cb90 | 225 | means that, in effect, there might still be more journal files |
8580d1f7 LP |
226 | around in total than this limit after a vacuuming operation is |
227 | complete. This setting defaults to 100.</para></listitem> | |
798d3a52 ZJS |
228 | </varlistentry> |
229 | ||
230 | <varlistentry> | |
231 | <term><varname>MaxFileSec=</varname></term> | |
232 | ||
233 | <listitem><para>The maximum time to store entries in a single | |
234 | journal file before rotating to the next one. Normally, | |
235 | time-based rotation should not be required as size-based | |
236 | rotation with options such as | |
237 | <varname>SystemMaxFileSize=</varname> should be sufficient to | |
238 | ensure that journal files do not grow without bounds. However, | |
239 | to ensure that not too much data is lost at once when old | |
240 | journal files are deleted, it might make sense to change this | |
241 | value from the default of one month. Set to 0 to turn off this | |
242 | feature. This setting takes time values which may be suffixed | |
243 | with the units <literal>year</literal>, | |
244 | <literal>month</literal>, <literal>week</literal>, | |
245 | <literal>day</literal>, <literal>h</literal> or | |
246 | <literal>m</literal> to override the default time unit of | |
247 | seconds.</para></listitem> | |
248 | </varlistentry> | |
249 | ||
250 | <varlistentry> | |
251 | <term><varname>MaxRetentionSec=</varname></term> | |
252 | ||
253 | <listitem><para>The maximum time to store journal entries. | |
254 | This controls whether journal files containing entries older | |
255 | than the specified time span are deleted. Normally, time-based | |
256 | deletion of old journal files should not be required as | |
257 | size-based deletion with options such as | |
258 | <varname>SystemMaxUse=</varname> should be sufficient to | |
259 | ensure that journal files do not grow without bounds. However, | |
260 | to enforce data retention policies, it might make sense to | |
261 | change this value from the default of 0 (which turns off this | |
262 | feature). This setting also takes time values which may be | |
263 | suffixed with the units <literal>year</literal>, | |
264 | <literal>month</literal>, <literal>week</literal>, | |
265 | <literal>day</literal>, <literal>h</literal> or | |
266 | <literal>m</literal> to override the default time unit of | |
267 | seconds.</para></listitem> | |
268 | </varlistentry> | |
269 | ||
798d3a52 ZJS |
270 | <varlistentry> |
271 | <term><varname>SyncIntervalSec=</varname></term> | |
272 | ||
273 | <listitem><para>The timeout before synchronizing journal files | |
274 | to disk. After syncing, journal files are placed in the | |
275 | OFFLINE state. Note that syncing is unconditionally done | |
276 | immediately after a log message of priority CRIT, ALERT or | |
277 | EMERG has been logged. This setting hence applies only to | |
278 | messages of the levels ERR, WARNING, NOTICE, INFO, DEBUG. The | |
279 | default timeout is 5 minutes.</para></listitem> | |
280 | </varlistentry> | |
281 | ||
282 | <varlistentry> | |
283 | <term><varname>ForwardToSyslog=</varname></term> | |
284 | <term><varname>ForwardToKMsg=</varname></term> | |
285 | <term><varname>ForwardToConsole=</varname></term> | |
286 | <term><varname>ForwardToWall=</varname></term> | |
287 | ||
5707ecf3 ZJS |
288 | <listitem><para>Control whether log messages received by the journal daemon shall |
289 | be forwarded to a traditional syslog daemon, to the kernel log buffer (kmsg), to | |
290 | the system console, or sent as wall messages to all logged-in users. These | |
291 | options take boolean arguments. If forwarding to syslog is enabled but nothing | |
292 | reads messages from the socket, forwarding to syslog has no effect. By default, | |
293 | only forwarding to wall is enabled. These settings may be overridden at boot time | |
294 | with the kernel command line options | |
295 | <literal>systemd.journald.forward_to_syslog</literal>, | |
296 | <literal>systemd.journald.forward_to_kmsg</literal>, | |
297 | <literal>systemd.journald.forward_to_console</literal>, and | |
298 | <literal>systemd.journald.forward_to_wall</literal>. If the option name is | |
299 | specified without <literal>=</literal> and the following argument, true is | |
300 | assumed. Otherwise, the argument is parsed as a boolean. When forwarding to the | |
301 | console, the TTY to log to can be changed with <varname>TTYPath=</varname>, | |
302 | described below.</para></listitem> | |
798d3a52 ZJS |
303 | </varlistentry> |
304 | ||
305 | <varlistentry> | |
306 | <term><varname>MaxLevelStore=</varname></term> | |
307 | <term><varname>MaxLevelSyslog=</varname></term> | |
308 | <term><varname>MaxLevelKMsg=</varname></term> | |
309 | <term><varname>MaxLevelConsole=</varname></term> | |
310 | <term><varname>MaxLevelWall=</varname></term> | |
311 | ||
312 | <listitem><para>Controls the maximum log level of messages | |
313 | that are stored on disk, forwarded to syslog, kmsg, the | |
314 | console or wall (if that is enabled, see above). As argument, | |
315 | takes one of | |
316 | <literal>emerg</literal>, | |
317 | <literal>alert</literal>, | |
318 | <literal>crit</literal>, | |
319 | <literal>err</literal>, | |
320 | <literal>warning</literal>, | |
321 | <literal>notice</literal>, | |
322 | <literal>info</literal>, | |
323 | <literal>debug</literal>, | |
b938cb90 | 324 | or integer values in the range of 0–7 (corresponding to the |
798d3a52 ZJS |
325 | same levels). Messages equal to or below the log level specified |
326 | are stored/forwarded, messages above are dropped. Defaults to | |
327 | <literal>debug</literal> for <varname>MaxLevelStore=</varname> | |
328 | and <varname>MaxLevelSyslog=</varname>, to ensure that all | |
329 | messages are written to disk and forwarded to syslog. Defaults | |
330 | to | |
331 | <literal>notice</literal> for <varname>MaxLevelKMsg=</varname>, | |
332 | <literal>info</literal> for <varname>MaxLevelConsole=</varname>, | |
333 | and <literal>emerg</literal> for | |
863a5610 UTL |
334 | <varname>MaxLevelWall=</varname>. These settings may be |
335 | overridden at boot time with the kernel command line options | |
336 | <literal>systemd.journald.max_level_store=</literal>, | |
337 | <literal>systemd.journald.max_level_syslog=</literal>, | |
338 | <literal>systemd.journald.max_level_kmsg=</literal>, | |
339 | <literal>systemd.journald.max_level_console=</literal>, | |
340 | <literal>systemd.journald.max_level_wall=</literal>.</para> | |
341 | </listitem> | |
798d3a52 ZJS |
342 | </varlistentry> |
343 | ||
b2392ff3 SS |
344 | <varlistentry> |
345 | <term><varname>ReadKMsg=</varname></term> | |
346 | ||
347 | <listitem><para>Takes a boolean value. If enabled (the | |
348 | default), journal reads <filename>/dev/kmsg</filename> | |
349 | messages generated by the kernel.</para></listitem> | |
350 | </varlistentry> | |
351 | ||
798d3a52 ZJS |
352 | <varlistentry> |
353 | <term><varname>TTYPath=</varname></term> | |
354 | ||
355 | <listitem><para>Change the console TTY to use if | |
356 | <varname>ForwardToConsole=yes</varname> is used. Defaults to | |
357 | <filename>/dev/console</filename>.</para></listitem> | |
358 | </varlistentry> | |
359 | ||
ec20fe5f LP |
360 | <varlistentry> |
361 | <term><varname>LineMax=</varname></term> | |
362 | ||
363 | <listitem><para>The maximum line length to permit when converting stream logs into record logs. When a systemd | |
364 | unit's standard output/error are connected to the journal via a stream socket, the data read is split into | |
365 | individual log records at newline (<literal>\n</literal>, ASCII 10) and NUL characters. If no such delimiter is | |
dcfaecc7 | 366 | read for the specified number of bytes a hard log record boundary is artificially inserted, breaking up overly |
ec20fe5f LP |
367 | long lines into multiple log records. Selecting overly large values increases the possible memory usage of the |
368 | Journal daemon for each stream client, as in the worst case the journal daemon needs to buffer the specified | |
369 | number of bytes in memory before it can flush a new log record to disk. Also note that permitting overly large | |
370 | maximum line lengths affects compatibility with traditional log protocols as log records might not fit | |
371 | anymore into a single <constant>AF_UNIX</constant> or <constant>AF_INET</constant> datagram. Takes a size in | |
372 | bytes. If the value is suffixed with K, M, G or T, the specified size is parsed as Kilobytes, Megabytes, | |
373 | Gigabytes, or Terabytes (with the base 1024), respectively. Defaults to 48K, which is relatively large but | |
374 | still small enough so that log records likely fit into network datagrams along with extra room for | |
375 | metadata. Note that values below 79 are not accepted and will be bumped to 79.</para></listitem> | |
376 | </varlistentry> | |
377 | ||
798d3a52 ZJS |
378 | </variablelist> |
379 | ||
380 | </refsect1> | |
381 | ||
589532d0 ZJS |
382 | <refsect1> |
383 | <title>Forwarding to traditional syslog daemons</title> | |
384 | ||
385 | <para> | |
7703bd4d | 386 | Journal events can be transferred to a different logging daemon |
a8eaaee7 | 387 | in two different ways. With the first method, messages are |
589532d0 ZJS |
388 | immediately forwarded to a socket |
389 | (<filename>/run/systemd/journal/syslog</filename>), where the | |
390 | traditional syslog daemon can read them. This method is | |
a8eaaee7 | 391 | controlled by the <varname>ForwardToSyslog=</varname> option. With a |
589532d0 ZJS |
392 | second method, a syslog daemon behaves like a normal journal |
393 | client, and reads messages from the journal files, similarly to | |
394 | <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
a8eaaee7 | 395 | With this, messages do not have to be read immediately, |
589532d0 ZJS |
396 | which allows a logging daemon which is only started late in boot |
397 | to access all messages since the start of the system. In | |
398 | addition, full structured meta-data is available to it. This | |
399 | method of course is available only if the messages are stored in | |
7703bd4d | 400 | a journal file at all. So it will not work if |
589532d0 | 401 | <varname>Storage=none</varname> is set. It should be noted that |
7703bd4d | 402 | usually the <emphasis>second</emphasis> method is used by syslog |
589532d0 ZJS |
403 | daemons, so the <varname>Storage=</varname> option, and not the |
404 | <varname>ForwardToSyslog=</varname> option, is relevant for them. | |
405 | </para> | |
406 | </refsect1> | |
407 | ||
798d3a52 ZJS |
408 | <refsect1> |
409 | <title>See Also</title> | |
410 | <para> | |
411 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
412 | <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
413 | <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
414 | <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
415 | <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
416 | </para> | |
417 | </refsect1> | |
b47ffcfd LP |
418 | |
419 | </refentry> |
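
The `[Journal]` options documented above decide how much log data survives for later investigation. The following audit script is an added example, not part of the systemd source: it fills in the defaults stated on this page and reports settings that drop data, disable rate limiting or turn sealing off. The function names, the sample configuration and the handling of empty assignments are assumptions made for illustration.

```python
import configparser
import re

# Defaults as documented on this page; only the options audited here are listed.
DEFAULTS = {"Storage": "auto", "Seal": "yes", "RateLimitIntervalSec": "30s",
            "RateLimitBurst": "10000", "MaxLevelStore": "debug", "LineMax": "48K"}
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FALSE_VALUES = {"no", "false", "off", "0"}  # boolean spellings systemd accepts


def parse_size(value):
    """Byte count with an optional K/M/G/T/P/E suffix (base 1024)."""
    value = value.strip()
    power = "KMGTPE".find(value[-1].upper()) + 1
    return int(value[:-1]) * 1024 ** power if power else int(value)


def parse_level(value):
    """Level name or integer 0-7 to its numeric level."""
    value = value.strip().lower()
    return int(value) if value.isdigit() else LEVELS.index(value)


def is_zero(value):
    """True if every number in the value is 0, e.g. '0' or '0s'."""
    numbers = re.findall(r"\d+(?:\.\d+)?", value)
    return bool(numbers) and all(float(n) == 0 for n in numbers)


def effective(text):
    """[Journal] settings from the text, with documented defaults filled in."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep option names as written
    parser.read_string(text)
    settings = dict(DEFAULTS)
    if parser.has_section("Journal"):
        # Assumption: an empty assignment means "use the default".
        settings.update({k: v for k, v in parser["Journal"].items() if v})
    return settings


def audit(text):
    """Findings for settings that drop, shorten or leave unsealed log data."""
    s, out = effective(text), []
    if s["Storage"] == "none":
        out.append("Storage=none: all received log data is dropped")
    elif s["Storage"] == "volatile":
        out.append("Storage=volatile: data is kept only below /run/log/journal")
    if s["Seal"].lower() in FALSE_VALUES:
        out.append("Seal=%s: Forward Secure Sealing is off" % s["Seal"])
    for key in ("RateLimitIntervalSec", "RateLimitBurst"):
        if is_zero(s[key]):
            out.append("%s=%s: rate limiting is turned off" % (key, s[key]))
    level = parse_level(s["MaxLevelStore"])
    if level < 7:
        out.append("MaxLevelStore=%s: %s messages are not stored"
                   % (s["MaxLevelStore"], ", ".join(LEVELS[level + 1:])))
    if parse_size(s["LineMax"]) < 79:
        out.append("LineMax=%s: below 79, will be bumped to 79" % s["LineMax"])
    return out


# Constructed sample, not taken from any real host.
SAMPLE = """\
[Journal]
Storage=volatile
Seal=no
RateLimitBurst=0
MaxLevelStore=warning
LineMax=64
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The script reads a single file's text only; it does not merge `journald.conf.d` drop-ins or kernel command line overrides, and it cannot tell whether a sealing key exists or whether `/var/log/journal` is present when `Storage=auto`.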