[thirdparty/systemd.git] / man / journald.conf.xml
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>

<!--
This file is part of systemd.

Copyright 2010 Lennart Poettering

systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.

systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->

<refentry id="journald.conf"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>journald.conf</title>
<productname>systemd</productname>

<authorgroup>
<author>
<contrib>Developer</contrib>
<firstname>Lennart</firstname>
<surname>Poettering</surname>
<email>lennart@poettering.net</email>
</author>
</authorgroup>
</refentryinfo>

<refmeta>
<refentrytitle>journald.conf</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>

<refnamediv>
<refname>journald.conf</refname>
<refname>journald.conf.d</refname>
<refpurpose>Journal service configuration files</refpurpose>
</refnamediv>

<refsynopsisdiv>
<para><filename>&pkgsysconfdir;/journald.conf</filename></para>
<para><filename>&pkgsysconfdir;/journald.conf.d/*.conf</filename></para>
<para><filename>/run/systemd/journald.conf.d/*.conf</filename></para>
<para><filename>&rootlibexecdir;/journald.conf.d/*.conf</filename></para>
</refsynopsisdiv>

<refsect1>
<title>Description</title>

<para>These files configure various parameters of the systemd
journal service,
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>

</refsect1>

<xi:include href="standard-conf.xml" xpointer="main-conf" />

<refsect1>
<title>Options</title>

<para>All options are configured in the
<literal>[Journal]</literal> section:</para>

<variablelist>

<varlistentry>
<term><varname>Storage=</varname></term>

<listitem><para>Controls where to store journal data. One of
<literal>volatile</literal>,
<literal>persistent</literal>,
<literal>auto</literal> and
<literal>none</literal>. If
<literal>volatile</literal>, journal
log data will be stored only in memory, i.e. below the
<filename>/run/log/journal</filename> hierarchy (which is
created if needed). If <literal>persistent</literal>, data
will be stored preferably on disk, i.e. below the
<filename>/var/log/journal</filename> hierarchy (which is
created if needed), with a fallback to
<filename>/run/log/journal</filename> (which is created if
needed), during early boot and if the disk is not writable.
<literal>auto</literal> is similar to
<literal>persistent</literal> but the directory
<filename>/var/log/journal</filename> is not created if
needed, so that its existence controls where log data goes.
<literal>none</literal> turns off all storage; all log data
received will be dropped. Forwarding to other targets, such as
the console, the kernel log buffer, or a syslog socket, will
still work, however. Defaults to
<literal>auto</literal>.</para></listitem>
</varlistentry>

<varlistentry>
<term><varname>Compress=</varname></term>

<listitem><para>Takes a boolean value. If enabled (the
default), data objects that shall be stored in the journal and
are larger than a certain threshold are compressed before they
are written to the file system.</para></listitem>
</varlistentry>

<varlistentry>
<term><varname>Seal=</varname></term>

<listitem><para>Takes a boolean value. If enabled (the
default), and a sealing key is available (as created by
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
<option>--setup-keys</option> command), Forward Secure Sealing
(FSS) for all persistent journal files is enabled. FSS is
based on <ulink
url="https://eprint.iacr.org/2013/397">Seekable Sequential Key
Generators</ulink> by G. A. Marson and B. Poettering
(doi:10.1007/978-3-642-40203-6_7) and may be used to protect
journal files from unnoticed alteration.</para></listitem>
</varlistentry>

<varlistentry>
<term><varname>SplitMode=</varname></term>

<listitem><para>Controls whether to split up journal files per
user. One of <literal>uid</literal>, <literal>login</literal>
and <literal>none</literal>. If <literal>uid</literal>, each
user gets their own journal files regardless of
whether they possess a login session or not; however, system
users will log into the system journal. If
<literal>login</literal>, users who are actually logged in each
get their own journal files, but users without a login session
and system users will log into the system journal. If
<literal>none</literal>, journal files are not split up by
user and all messages are instead stored in the single system
journal. Note that splitting up journal files by user is only
available for journals stored persistently. If journals are
stored on volatile storage (see above), only a single journal
file for all user IDs is kept. Defaults to
<literal>uid</literal>.</para></listitem>
</varlistentry>

<varlistentry>
<term><varname>RateLimitInterval=</varname></term>
<term><varname>RateLimitBurst=</varname></term>

<listitem><para>Configures the rate limiting that is applied
to all messages generated on the system. If, in the time
interval defined by <varname>RateLimitInterval=</varname>,
more messages than specified in
<varname>RateLimitBurst=</varname> are logged by a service,
all further messages within the interval are dropped until the
interval is over. A message about the number of dropped
messages is generated. This rate limiting is applied
per-service, so that two services which log do not interfere
with each other's limits. Defaults to 1000 messages in 30s.
The time specification for
<varname>RateLimitInterval=</varname> may be specified in the
following units: <literal>s</literal>, <literal>min</literal>,
<literal>h</literal>, <literal>ms</literal>,
<literal>us</literal>. To turn off any kind of rate limiting,
set either value to 0.</para></listitem>
</varlistentry>

<varlistentry>
<term><varname>SystemMaxUse=</varname></term>
<term><varname>SystemKeepFree=</varname></term>
<term><varname>SystemMaxFileSize=</varname></term>
<term><varname>RuntimeMaxUse=</varname></term>
<term><varname>RuntimeKeepFree=</varname></term>
<term><varname>RuntimeMaxFileSize=</varname></term>

<listitem><para>Enforce size limits on the journal files
stored. The options prefixed with <literal>System</literal>
apply to the journal files when stored on a persistent file
system, more specifically
<filename>/var/log/journal</filename>. The options prefixed
with <literal>Runtime</literal> apply to the journal files
when stored on a volatile in-memory file system, more
specifically <filename>/run/log/journal</filename>. The former
is used only when <filename>/var</filename> is mounted,
writable, and the directory
<filename>/var/log/journal</filename> exists. Otherwise, only
the latter applies. Note that this means that during early
boot and if the administrator disabled persistent logging,
only the latter options apply, while the former apply if
persistent logging is enabled and the system is fully booted
up. <command>journalctl</command> and
<command>systemd-journald</command> ignore all files with
names not ending with <literal>.journal</literal> or
<literal>.journal~</literal>, so only such files, located in
the appropriate directories, are taken into account when
calculating current disk usage.
</para>

<para><varname>SystemMaxUse=</varname> and
<varname>RuntimeMaxUse=</varname> control how much disk space
the journal may use up at maximum.
<varname>SystemKeepFree=</varname> and
<varname>RuntimeKeepFree=</varname> control how much disk
space systemd-journald shall leave free for other uses.
<command>systemd-journald</command> will respect both limits
and use the smaller of the two values.</para>

<para>The first pair defaults to 10% and the second to 15% of
the size of the respective file system. If the file system is
nearly full and either <varname>SystemKeepFree=</varname> or
<varname>RuntimeKeepFree=</varname> is violated when
systemd-journald is started, the value will be raised to the
percentage that is actually free. This means that if there was
enough free space before and journal files were created, and
subsequently something else causes the file system to fill up,
journald will stop using more space, but it will not
remove existing files to reduce its footprint either.</para>

<para><varname>SystemMaxFileSize=</varname> and
<varname>RuntimeMaxFileSize=</varname> control how large
individual journal files may grow at maximum. This influences
the granularity in which disk space is made available through
rotation, i.e. deletion of historic data. Defaults to one
eighth of the values configured with
<varname>SystemMaxUse=</varname> and
<varname>RuntimeMaxUse=</varname>, so that usually seven
rotated journal files are kept as history.</para>

<para>Specify values in bytes or use K, M, G, T, P, E as
units for the specified sizes (equal to 1024, 1024², ... bytes).
Note that size limits are enforced synchronously when journal
files are extended, and no explicit rotation step triggered by
time is needed.</para></listitem>
</varlistentry>

<varlistentry>
<term><varname>MaxFileSec=</varname></term>

<listitem><para>The maximum time to store entries in a single
journal file before rotating to the next one. Normally,
time-based rotation should not be required as size-based
rotation with options such as
<varname>SystemMaxFileSize=</varname> should be sufficient to
ensure that journal files do not grow without bounds. However,
to ensure that not too much data is lost at once when old
journal files are deleted, it might make sense to change this
value from the default of one month. Set to 0 to turn off this
feature. This setting takes time values which may be suffixed
with the units <literal>year</literal>,
<literal>month</literal>, <literal>week</literal>,
<literal>day</literal>, <literal>h</literal> or
<literal>m</literal> to override the default time unit of
seconds.</para></listitem>
</varlistentry>

<varlistentry>
<term><varname>MaxRetentionSec=</varname></term>

<listitem><para>The maximum time to store journal entries.
This controls whether journal files containing entries older
than the specified time span are deleted. Normally, time-based
deletion of old journal files should not be required as
size-based deletion with options such as
<varname>SystemMaxUse=</varname> should be sufficient to
ensure that journal files do not grow without bounds. However,
to enforce data retention policies, it might make sense to
change this value from the default of 0 (which turns off this
feature). This setting also takes time values which may be
suffixed with the units <literal>year</literal>,
<literal>month</literal>, <literal>week</literal>,
<literal>day</literal>, <literal>h</literal> or
<literal>m</literal> to override the default time unit of
seconds.</para></listitem>
</varlistentry>


<varlistentry>
<term><varname>SyncIntervalSec=</varname></term>

<listitem><para>The timeout before synchronizing journal files
to disk. After syncing, journal files are placed in the
OFFLINE state. Note that syncing is unconditionally done
immediately after a log message of priority CRIT, ALERT or
EMERG has been logged. This setting hence applies only to
messages of the levels ERR, WARNING, NOTICE, INFO, DEBUG. The
default timeout is 5 minutes.</para></listitem>
</varlistentry>

<varlistentry>
<term><varname>ForwardToSyslog=</varname></term>
<term><varname>ForwardToKMsg=</varname></term>
<term><varname>ForwardToConsole=</varname></term>
<term><varname>ForwardToWall=</varname></term>

<listitem><para>Control whether log messages received by the
journal daemon shall be forwarded to a traditional syslog
daemon, to the kernel log buffer (kmsg), to the system
console, or sent as wall messages to all logged-in users.
These options take boolean arguments. If forwarding to syslog
is enabled but nothing reads messages from the socket,
forwarding to syslog has no effect. By default, only
forwarding to wall is enabled. These settings may be
overridden at boot time with the kernel command line options
<literal>systemd.journald.forward_to_syslog=</literal>,
<literal>systemd.journald.forward_to_kmsg=</literal>,
<literal>systemd.journald.forward_to_console=</literal>, and
<literal>systemd.journald.forward_to_wall=</literal>. When
forwarding to the console, the TTY to log to can be changed
with <varname>TTYPath=</varname>, described
below.</para></listitem>
</varlistentry>

<varlistentry>
<term><varname>MaxLevelStore=</varname></term>
<term><varname>MaxLevelSyslog=</varname></term>
<term><varname>MaxLevelKMsg=</varname></term>
<term><varname>MaxLevelConsole=</varname></term>
<term><varname>MaxLevelWall=</varname></term>

<listitem><para>Controls the maximum log level of messages
that are stored on disk, forwarded to syslog, kmsg, the
console or wall (if that is enabled, see above). As argument,
takes one of
<literal>emerg</literal>,
<literal>alert</literal>,
<literal>crit</literal>,
<literal>err</literal>,
<literal>warning</literal>,
<literal>notice</literal>,
<literal>info</literal>,
<literal>debug</literal>,
or integer values in the range of 0..7 (corresponding to the
same levels). Messages equal to or below the log level specified
are stored/forwarded; messages above are dropped. Defaults to
<literal>debug</literal> for <varname>MaxLevelStore=</varname>
and <varname>MaxLevelSyslog=</varname>, to ensure that all
messages are written to disk and forwarded to syslog. Defaults
to
<literal>notice</literal> for <varname>MaxLevelKMsg=</varname>,
<literal>info</literal> for <varname>MaxLevelConsole=</varname>,
and <literal>emerg</literal> for
<varname>MaxLevelWall=</varname>.</para></listitem>
</varlistentry>

<varlistentry>
<term><varname>TTYPath=</varname></term>

<listitem><para>Change the console TTY to use if
<varname>ForwardToConsole=yes</varname> is used. Defaults to
<filename>/dev/console</filename>.</para></listitem>
</varlistentry>

</variablelist>

</refsect1>

<refsect1>
<title>Forwarding to traditional syslog daemons</title>

<para>
Journal events can be transferred to a different logging daemon
in two different ways. In the first method, messages are
immediately forwarded to a socket
(<filename>/run/systemd/journal/syslog</filename>), where the
traditional syslog daemon can read them. This method is
controlled by the <varname>ForwardToSyslog=</varname> option. In the
second method, a syslog daemon behaves like a normal journal
client, and reads messages from the journal files, similarly to
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
In this method, messages do not have to be read immediately,
which allows a logging daemon which is only started late in boot
to access all messages since the start of the system. In
addition, full structured meta-data is available to it. This
method of course is available only if the messages are stored in
a journal file at all, so it will not work if
<varname>Storage=none</varname> is set. It should be noted that
usually the <emphasis>second</emphasis> method is used by syslog
daemons, so the <varname>Storage=</varname> option, and not the
<varname>ForwardToSyslog=</varname> option, is relevant for them.
</para>
</refsect1>

<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
</para>
</refsect1>

</refentry>
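
The options above that decide whether log data survives and stays trustworthy (Storage=, Seal=, RateLimitInterval=/RateLimitBurst=, MaxLevelStore=) can be checked mechanically. The following is an added example, not part of the systemd sources: the function names and the two sample configurations are constructed for illustration, and the defaults are the ones this page states.

```python
import configparser
import re

# Defaults as stated on this page; only the options audited here are listed.
DEFAULTS = {"Storage": "auto", "Seal": "yes", "RateLimitInterval": "30s",
            "RateLimitBurst": "1000", "MaxLevelStore": "debug"}
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FALSE = {"0", "no", "n", "false", "f", "off"}
ZERO = re.compile(r"0+\s*(us|ms|s|min|h)?")  # "0", "0s", "0 min", ...

def level_of(value):
    """Map a level name or an integer 0..7 to its numeric level."""
    v = value.strip().lower()
    return int(v) if v.isdigit() else LEVELS.index(v)

def audit(conf_text):
    """Return (option, finding) pairs for the text of one journald.conf file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep option names case-sensitive
    cp.read_string(conf_text)
    s = dict(DEFAULTS)
    if cp.has_section("Journal"):
        # Assumption: an empty assignment leaves the default in effect.
        s.update({k: v.strip() for k, v in cp["Journal"].items() if v.strip()})
    out = []
    storage = s["Storage"].lower()
    if storage == "none":
        out.append(("Storage", "all received log data is dropped; journal clients have nothing to read"))
    elif storage == "volatile":
        out.append(("Storage", "logs live only under /run/log/journal; FSS covers persistent files only"))
    elif storage == "auto":
        out.append(("Storage", "persistent only if /var/log/journal exists; verify on the host"))
    if s["Seal"].lower() in FALSE:
        out.append(("Seal", "FSS disabled; journal files are not protected against unnoticed alteration"))
    if ZERO.fullmatch(s["RateLimitInterval"]) or ZERO.fullmatch(s["RateLimitBurst"]):
        out.append(("RateLimit", "rate limiting is off; one service can flood the journal"))
    if level_of(s["MaxLevelStore"]) < level_of("debug"):
        out.append(("MaxLevelStore", "messages above '%s' are never stored" % s["MaxLevelStore"]))
    return out

# Constructed sample inputs: a weak configuration beside a corrected one.
WEAK = "[Journal]\nStorage=volatile\nSeal=no\nRateLimitBurst=0\nMaxLevelStore=warning\n"
HARDENED = "[Journal]\nStorage=persistent\nSeal=yes\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```

Seal=yes only takes effect once a sealing key exists, which a static check of the file cannot see.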
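
The per-service rate limiting described under RateLimitInterval= and RateLimitBurst= can be modelled to see which messages a flooding service loses and why other services are unaffected. This is an added, simplified model and not journald's code: the function names and events are constructed, and it assumes the interval starts at a service's first message and that a bare number means seconds.

```python
from collections import defaultdict

# Units listed on this page for RateLimitInterval=, in microseconds.
UNITS_US = {"us": 1, "ms": 1000, "s": 10**6, "min": 60 * 10**6, "h": 3600 * 10**6}

def parse_interval_us(spec):
    """Parse '30s', '5min', '500ms', ... to microseconds."""
    spec = spec.strip()
    # Try longer suffixes first so 'ms' and 'us' are not mistaken for 's'.
    for unit in sorted(UNITS_US, key=len, reverse=True):
        if spec.endswith(unit):
            return int(float(spec[:-len(unit)]) * UNITS_US[unit])
    return int(float(spec) * 10**6)  # assumption: bare numbers are seconds

def simulate(events, interval="30s", burst=1000):
    """events: (timestamp_us, service) pairs in time order.

    Returns (accepted_events, {service: suppressed_count}).
    """
    events = list(events)
    interval_us = parse_interval_us(interval)
    if interval_us == 0 or burst == 0:  # either value 0 turns limiting off
        return events, {}
    window = {}  # service -> (window_start_us, messages_seen_in_window)
    accepted, suppressed = [], defaultdict(int)
    for ts, svc in events:
        start, count = window.get(svc, (ts, 0))
        if ts - start >= interval_us:  # interval over: start a fresh window
            start, count = ts, 0
        count += 1
        window[svc] = (start, count)
        if count > burst:
            suppressed[svc] += 1  # dropped; journald reports the number dropped
        else:
            accepted.append((ts, svc))
    return accepted, dict(suppressed)

# Constructed events: one noisy service and one quiet one.
S = 10**6
EVENTS = [(0 * S, "noisy.service"), (1 * S, "noisy.service"), (1 * S, "sshd.service"),
          (2 * S, "noisy.service"), (3 * S, "noisy.service"), (4 * S, "noisy.service"),
          (5 * S, "sshd.service"), (12 * S, "noisy.service")]

if __name__ == "__main__":
    kept, dropped = simulate(EVENTS, interval="10s", burst=3)
    print(len(kept), dropped)
```

A non-empty suppressed count for a service is worth alerting on, since messages that service logged inside the window are missing from the journal.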