]>
Commit | Line | Data |
---|---|---|
f47781d8 MP |
1 | <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>journald.conf</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><style> |
2 | a.headerlink { | |
3 | color: #c60f0f; | |
4 | font-size: 0.8em; | |
5 | padding: 0 4px 0 4px; | |
6 | text-decoration: none; | |
7 | visibility: hidden; | |
8 | } | |
9 | ||
10 | a.headerlink:hover { | |
11 | background-color: #c60f0f; | |
12 | color: white; | |
13 | } | |
14 | ||
15 | h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink { | |
16 | visibility: visible; | |
17 | } | |
18 | </style><a href="index.html">Index </a>· | |
19 | <a href="systemd.directives.html">Directives </a>· | |
20 | <a href="../python-systemd/index.html">Python </a>· | |
21 | <a href="../libudev/index.html">libudev </a>· | |
e3bff60a | 22 | <a href="../libudev/index.html">gudev </a><span style="float:right">systemd 220</span><hr><div class="refentry"><a name="journald.conf"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>journald.conf, journald.conf.d — Journal service configuration files</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><code class="filename">/etc/systemd/journald.conf</code></p><p><code class="filename">/etc/systemd/journald.conf.d/*.conf</code></p><p><code class="filename">/run/systemd/journald.conf.d/*.conf</code></p><p><code class="filename">/usr/lib/systemd/journald.conf.d/*.conf</code></p></div><div class="refsect1"><a name="idm139651278486960"></a><h2 id="Description">Description<a class="headerlink" title="Permalink to this headline" href="#Description">¶</a></h2><p>These files configure various parameters of the systemd |
e735f4d4 | 23 | journal service, |
e3bff60a MP |
24 | <a href="systemd-journald.service.html"><span class="citerefentry"><span class="refentrytitle">systemd-journald.service</span>(8)</span></a>.</p></div><div class="refsection"><a name="main-conf"></a><h2>Configuration Directories and Precedence</h2><p>Default configuration is defined during compilation, so a |
25 | configuration file is only needed when it is necessary to deviate | |
26 | from those defaults. By default the configuration file in | |
27 | <code class="filename">/etc/systemd/</code> contains commented out entries | |
28 | showing the defaults as a guide to the administrator. This file | |
29 | can be edited to create local overrides. | |
30 | </p><p>When packages need to customize the configuration, they can | |
31 | install configuration snippets in | |
32 | <code class="filename">/usr/lib/systemd/*.conf.d/</code>. Files in | |
33 | <code class="filename">/etc/</code> are reserved for the local | |
34 | administrator, who may use this logic to override the | |
35 | configuration files installed by vendor packages. The main | |
36 | configuration file is read before any of the configuration | |
37 | directories, and has the lowest precedence; entries in a file in | |
38 | any configuration directory override entries in the single | |
39 | configuration file. Files in the | |
40 | <code class="filename">*.conf.d/</code> configuration subdirectories | |
41 | are sorted by their filename in lexicographic order, regardless of | |
42 | which of the subdirectories they reside in. If multiple files | |
43 | specify the same option, the entry in the file with the | |
44 | lexicographically latest name takes precedence. It is recommended | |
45 | to prefix all filenames in those subdirectories with a two-digit | |
46 | number and a dash, to simplify the ordering of the files.</p><p>To disable a configuration file supplied by the vendor, the | |
47 | recommended way is to place a symlink to | |
f47781d8 MP |
48 | <code class="filename">/dev/null</code> in the configuration directory in |
49 | <code class="filename">/etc/</code>, with the same filename as the vendor | |
e3bff60a | 50 | configuration file.</p></div><div class="refsect1"><a name="idm139651273530096"></a><h2 id="Options">Options<a class="headerlink" title="Permalink to this headline" href="#Options">¶</a></h2><p>All options are configured in the |
e735f4d4 MP |
51 | "<code class="literal">[Journal]</code>" section:</p><div class="variablelist"><dl class="variablelist"><dt id="Storage="><span class="term"><code class="varname">Storage=</code></span><a class="headerlink" title="Permalink to this term" href="#Storage=">¶</a></dt><dd><p>Controls where to store journal data. One of |
52 | "<code class="literal">volatile</code>", | |
53 | "<code class="literal">persistent</code>", | |
54 | "<code class="literal">auto</code>" and | |
55 | "<code class="literal">none</code>". If | |
56 | "<code class="literal">volatile</code>", journal | |
57 | log data will be stored only in memory, i.e. below the | |
58 | <code class="filename">/run/log/journal</code> hierarchy (which is | |
59 | created if needed). If "<code class="literal">persistent</code>", data | |
60 | will be stored preferably on disk, i.e. below the | |
61 | <code class="filename">/var/log/journal</code> hierarchy (which is | |
62 | created if needed), with a fallback to | |
63 | <code class="filename">/run/log/journal</code> (which is created if | |
64 | needed), during early boot and if the disk is not writable. | |
65 | "<code class="literal">auto</code>" is similar to | |
66 | "<code class="literal">persistent</code>" but the directory | |
67 | <code class="filename">/var/log/journal</code> is not created if | |
68 | needed, so that its existence controls where log data goes. | |
69 | "<code class="literal">none</code>" turns off all storage, all log data | |
70 | received will be dropped. Forwarding to other targets, such as | |
e3bff60a | 71 | the console, the kernel log buffer, or a syslog socket will |
e735f4d4 MP |
72 | still work however. Defaults to |
73 | "<code class="literal">auto</code>".</p></dd><dt id="Compress="><span class="term"><code class="varname">Compress=</code></span><a class="headerlink" title="Permalink to this term" href="#Compress=">¶</a></dt><dd><p>Takes a boolean value. If enabled (the | |
74 | default), data objects that shall be stored in the journal and | |
75 | are larger than a certain threshold are compressed before they | |
76 | are written to the file system.</p></dd><dt id="Seal="><span class="term"><code class="varname">Seal=</code></span><a class="headerlink" title="Permalink to this term" href="#Seal=">¶</a></dt><dd><p>Takes a boolean value. If enabled (the | |
77 | default), and a sealing key is available (as created by | |
78 | <a href="journalctl.html"><span class="citerefentry"><span class="refentrytitle">journalctl</span>(1)</span></a>'s | |
79 | <code class="option">--setup-keys</code> command), Forward Secure Sealing | |
80 | (FSS) for all persistent journal files is enabled. FSS is | |
81 | based on <a class="ulink" href="https://eprint.iacr.org/2013/397" target="_top">Seekable Sequential Key | |
82 | Generators</a> by G. A. Marson and B. Poettering | |
83 | (doi:10.1007/978-3-642-40203-6_7) and may be used to protect | |
84 | journal files from unnoticed alteration.</p></dd><dt id="SplitMode="><span class="term"><code class="varname">SplitMode=</code></span><a class="headerlink" title="Permalink to this term" href="#SplitMode=">¶</a></dt><dd><p>Controls whether to split up journal files per | |
85 | user. One of "<code class="literal">uid</code>", "<code class="literal">login</code>" | |
86 | and "<code class="literal">none</code>". If "<code class="literal">uid</code>", all | |
87 | users will get each their own journal files regardless of | |
88 | whether they possess a login session or not, however system | |
89 | users will log into the system journal. If | |
90 | "<code class="literal">login</code>", actually logged-in users will get | |
91 | each their own journal files, but users without login session | |
92 | and system users will log into the system journal. If | |
93 | "<code class="literal">none</code>", journal files are not split up by | |
94 | user and all messages are instead stored in the single system | |
95 | journal. Note that splitting up journal files by user is only | |
96 | available for journals stored persistently. If journals are | |
97 | stored on volatile storage (see above), only a single journal | |
98 | file for all user IDs is kept. Defaults to | |
99 | "<code class="literal">uid</code>".</p></dd><dt id="RateLimitInterval="><span class="term"><code class="varname">RateLimitInterval=</code>, </span><span class="term"><code class="varname">RateLimitBurst=</code></span><a class="headerlink" title="Permalink to this term" href="#RateLimitInterval=">¶</a></dt><dd><p>Configures the rate limiting that is applied | |
100 | to all messages generated on the system. If, in the time | |
101 | interval defined by <code class="varname">RateLimitInterval=</code>, | |
102 | more messages than specified in | |
103 | <code class="varname">RateLimitBurst=</code> are logged by a service, | |
104 | all further messages within the interval are dropped until the | |
105 | interval is over. A message about the number of dropped | |
106 | messages is generated. This rate limiting is applied | |
107 | per-service, so that two services which log do not interfere | |
108 | with each other's limits. Defaults to 1000 messages in 30s. | |
109 | The time specification for | |
110 | <code class="varname">RateLimitInterval=</code> may be specified in the | |
111 | following units: "<code class="literal">s</code>", "<code class="literal">min</code>", | |
112 | "<code class="literal">h</code>", "<code class="literal">ms</code>", | |
113 | "<code class="literal">us</code>". To turn off any kind of rate limiting, | |
114 | set either value to 0.</p></dd><dt id="SystemMaxUse="><span class="term"><code class="varname">SystemMaxUse=</code>, </span><span class="term"><code class="varname">SystemKeepFree=</code>, </span><span class="term"><code class="varname">SystemMaxFileSize=</code>, </span><span class="term"><code class="varname">RuntimeMaxUse=</code>, </span><span class="term"><code class="varname">RuntimeKeepFree=</code>, </span><span class="term"><code class="varname">RuntimeMaxFileSize=</code></span><a class="headerlink" title="Permalink to this term" href="#SystemMaxUse=">¶</a></dt><dd><p>Enforce size limits on the journal files | |
115 | stored. The options prefixed with "<code class="literal">System</code>" | |
116 | apply to the journal files when stored on a persistent file | |
117 | system, more specifically | |
118 | <code class="filename">/var/log/journal</code>. The options prefixed | |
119 | with "<code class="literal">Runtime</code>" apply to the journal files | |
120 | when stored on a volatile in-memory file system, more | |
121 | specifically <code class="filename">/run/log/journal</code>. The former | |
122 | is used only when <code class="filename">/var</code> is mounted, | |
123 | writable, and the directory | |
124 | <code class="filename">/var/log/journal</code> exists. Otherwise, only | |
125 | the latter applies. Note that this means that during early | |
126 | boot and if the administrator disabled persistent logging, | |
127 | only the latter options apply, while the former apply if | |
128 | persistent logging is enabled and the system is fully booted | |
129 | up. <span class="command"><strong>journalctl</strong></span> and | |
130 | <span class="command"><strong>systemd-journald</strong></span> ignore all files with | |
131 | names not ending with "<code class="literal">.journal</code>" or | |
132 | "<code class="literal">.journal~</code>", so only such files, located in | |
133 | the appropriate directories, are taken into account when | |
134 | calculating current disk usage. | |
135 | </p><p><code class="varname">SystemMaxUse=</code> and | |
136 | <code class="varname">RuntimeMaxUse=</code> control how much disk space | |
137 | the journal may use up at maximum. | |
138 | <code class="varname">SystemKeepFree=</code> and | |
139 | <code class="varname">RuntimeKeepFree=</code> control how much disk | |
140 | space systemd-journald shall leave free for other uses. | |
141 | <span class="command"><strong>systemd-journald</strong></span> will respect both limits | |
142 | and use the smaller of the two values.</p><p>The first pair defaults to 10% and the second to 15% of | |
143 | the size of the respective file system. If the file system is | |
144 | nearly full and either <code class="varname">SystemKeepFree=</code> or | |
145 | <code class="varname">RuntimeKeepFree=</code> is violated when | |
146 | systemd-journald is started, the value will be raised to | |
147 | percentage that is actually free. This means that if there was | |
148 | enough free space before and journal files were created, and | |
149 | subsequently something else causes the file system to fill up, | |
150 | journald will stop using more space, but it will not be | |
e3bff60a MP |
151 | removing existing files to go reduce footprint either.</p><p><code class="varname">SystemMaxFileSize=</code> and |
152 | <code class="varname">RuntimeMaxFileSize=</code> control how large | |
153 | individual journal files may grow at maximum. This influences | |
154 | the granularity in which disk space is made available through | |
155 | rotation, i.e. deletion of historic data. Defaults to one | |
156 | eighth of the values configured with | |
e735f4d4 | 157 | <code class="varname">SystemMaxUse=</code> and |
e3bff60a MP |
158 | <code class="varname">RuntimeMaxUse=</code>, so that usually seven |
159 | rotated journal files are kept as history. Specify values in | |
160 | bytes or use K, M, G, T, P, E as units for the specified sizes | |
161 | (equal to 1024, 1024²,... bytes). Note that size limits are | |
162 | enforced synchronously when journal files are extended, and no | |
163 | explicit rotation step triggered by time is | |
e735f4d4 MP |
164 | needed.</p></dd><dt id="MaxFileSec="><span class="term"><code class="varname">MaxFileSec=</code></span><a class="headerlink" title="Permalink to this term" href="#MaxFileSec=">¶</a></dt><dd><p>The maximum time to store entries in a single |
165 | journal file before rotating to the next one. Normally, | |
166 | time-based rotation should not be required as size-based | |
167 | rotation with options such as | |
168 | <code class="varname">SystemMaxFileSize=</code> should be sufficient to | |
169 | ensure that journal files do not grow without bounds. However, | |
170 | to ensure that not too much data is lost at once when old | |
171 | journal files are deleted, it might make sense to change this | |
172 | value from the default of one month. Set to 0 to turn off this | |
173 | feature. This setting takes time values which may be suffixed | |
174 | with the units "<code class="literal">year</code>", | |
175 | "<code class="literal">month</code>", "<code class="literal">week</code>", | |
176 | "<code class="literal">day</code>", "<code class="literal">h</code>" or | |
177 | "<code class="literal">m</code>" to override the default time unit of | |
178 | seconds.</p></dd><dt id="MaxRetentionSec="><span class="term"><code class="varname">MaxRetentionSec=</code></span><a class="headerlink" title="Permalink to this term" href="#MaxRetentionSec=">¶</a></dt><dd><p>The maximum time to store journal entries. | |
179 | This controls whether journal files containing entries older | |
180 | then the specified time span are deleted. Normally, time-based | |
181 | deletion of old journal files should not be required as | |
182 | size-based deletion with options such as | |
183 | <code class="varname">SystemMaxUse=</code> should be sufficient to | |
184 | ensure that journal files do not grow without bounds. However, | |
185 | to enforce data retention policies, it might make sense to | |
186 | change this value from the default of 0 (which turns off this | |
187 | feature). This setting also takes time values which may be | |
188 | suffixed with the units "<code class="literal">year</code>", | |
189 | "<code class="literal">month</code>", "<code class="literal">week</code>", | |
190 | "<code class="literal">day</code>", "<code class="literal">h</code>" or "<code class="literal"> | |
191 | m</code>" to override the default time unit of | |
192 | seconds.</p></dd><dt id="SyncIntervalSec="><span class="term"><code class="varname">SyncIntervalSec=</code></span><a class="headerlink" title="Permalink to this term" href="#SyncIntervalSec=">¶</a></dt><dd><p>The timeout before synchronizing journal files | |
193 | to disk. After syncing, journal files are placed in the | |
194 | OFFLINE state. Note that syncing is unconditionally done | |
195 | immediately after a log message of priority CRIT, ALERT or | |
196 | EMERG has been logged. This setting hence applies only to | |
197 | messages of the levels ERR, WARNING, NOTICE, INFO, DEBUG. The | |
198 | default timeout is 5 minutes. </p></dd><dt id="ForwardToSyslog="><span class="term"><code class="varname">ForwardToSyslog=</code>, </span><span class="term"><code class="varname">ForwardToKMsg=</code>, </span><span class="term"><code class="varname">ForwardToConsole=</code>, </span><span class="term"><code class="varname">ForwardToWall=</code></span><a class="headerlink" title="Permalink to this term" href="#ForwardToSyslog=">¶</a></dt><dd><p>Control whether log messages received by the | |
199 | journal daemon shall be forwarded to a traditional syslog | |
200 | daemon, to the kernel log buffer (kmsg), to the system | |
201 | console, or sent as wall messages to all logged-in users. | |
202 | These options take boolean arguments. If forwarding to syslog | |
e3bff60a MP |
203 | is enabled but nothing reads messages from the socket, |
204 | forwarding to syslog has no effect. By default, only | |
205 | forwarding to wall is enabled. These settings may be | |
206 | overridden at boot time with the kernel command line options | |
e735f4d4 MP |
207 | "<code class="literal">systemd.journald.forward_to_syslog=</code>", |
208 | "<code class="literal">systemd.journald.forward_to_kmsg=</code>", | |
e3bff60a | 209 | "<code class="literal">systemd.journald.forward_to_console=</code>", and |
e735f4d4 MP |
210 | "<code class="literal">systemd.journald.forward_to_wall=</code>". When |
211 | forwarding to the console, the TTY to log to can be changed | |
212 | with <code class="varname">TTYPath=</code>, described | |
213 | below.</p></dd><dt id="MaxLevelStore="><span class="term"><code class="varname">MaxLevelStore=</code>, </span><span class="term"><code class="varname">MaxLevelSyslog=</code>, </span><span class="term"><code class="varname">MaxLevelKMsg=</code>, </span><span class="term"><code class="varname">MaxLevelConsole=</code>, </span><span class="term"><code class="varname">MaxLevelWall=</code></span><a class="headerlink" title="Permalink to this term" href="#MaxLevelStore=">¶</a></dt><dd><p>Controls the maximum log level of messages | |
214 | that are stored on disk, forwarded to syslog, kmsg, the | |
215 | console or wall (if that is enabled, see above). As argument, | |
216 | takes one of | |
217 | "<code class="literal">emerg</code>", | |
218 | "<code class="literal">alert</code>", | |
219 | "<code class="literal">crit</code>", | |
220 | "<code class="literal">err</code>", | |
221 | "<code class="literal">warning</code>", | |
222 | "<code class="literal">notice</code>", | |
223 | "<code class="literal">info</code>", | |
224 | "<code class="literal">debug</code>", | |
225 | or integer values in the range of 0..7 (corresponding to the | |
226 | same levels). Messages equal or below the log level specified | |
227 | are stored/forwarded, messages above are dropped. Defaults to | |
228 | "<code class="literal">debug</code>" for <code class="varname">MaxLevelStore=</code> | |
229 | and <code class="varname">MaxLevelSyslog=</code>, to ensure that the all | |
230 | messages are written to disk and forwarded to syslog. Defaults | |
231 | to | |
232 | "<code class="literal">notice</code>" for <code class="varname">MaxLevelKMsg=</code>, | |
233 | "<code class="literal">info</code>" for <code class="varname">MaxLevelConsole=</code>, | |
234 | and "<code class="literal">emerg</code>" for | |
235 | <code class="varname">MaxLevelWall=</code>.</p></dd><dt id="TTYPath="><span class="term"><code class="varname">TTYPath=</code></span><a class="headerlink" title="Permalink to this term" href="#TTYPath=">¶</a></dt><dd><p>Change the console TTY to use if | |
236 | <code class="varname">ForwardToConsole=yes</code> is used. Defaults to | |
e3bff60a MP |
237 | <code class="filename">/dev/console</code>.</p></dd></dl></div></div><div class="refsect1"><a name="idm139651273443536"></a><h2 id="Forwarding to traditional syslog daemons">Forwarding to traditional syslog daemons<a class="headerlink" title="Permalink to this headline" href="#Forwarding%20to%20traditional%20syslog%20daemons">¶</a></h2><p> |
238 | Journal events can be transferred to a different logging daemon | |
239 | in two different ways. In the first method, messages are | |
240 | immediately forwarded to a socket | |
241 | (<code class="filename">/run/systemd/journal/syslog</code>), where the | |
242 | traditional syslog daemon can read them. This method is | |
243 | controlled by <code class="varname">ForwardToSyslog=</code> option. In a | |
244 | second method, a syslog daemon behaves like a normal journal | |
245 | client, and reads messages from the journal files, similarly to | |
246 | <a href="journalctl.html"><span class="citerefentry"><span class="refentrytitle">journalctl</span>(1)</span></a>. | |
247 | In this method, messages do not have to be read immediately, | |
248 | which allows a logging daemon which is only started late in boot | |
249 | to access all messages since the start of the system. In | |
250 | addition, full structured meta-data is available to it. This | |
251 | method of course is available only if the messages are stored in | |
252 | a journal file at all. So it will not work if | |
253 | <code class="varname">Storage=none</code> is set. It should be noted that | |
254 | usually the <span class="emphasis"><em>second</em></span> method is used by syslog | |
255 | daemons, so the <code class="varname">Storage=</code> option, and not the | |
256 | <code class="varname">ForwardToSyslog=</code> option, is relevant for them. | |
257 | </p></div><div class="refsect1"><a name="idm139651273438176"></a><h2 id="See Also">See Also<a class="headerlink" title="Permalink to this headline" href="#See%20Also">¶</a></h2><p> | |
e735f4d4 MP |
258 | <a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>, |
259 | <a href="systemd-journald.service.html"><span class="citerefentry"><span class="refentrytitle">systemd-journald.service</span>(8)</span></a>, | |
260 | <a href="journalctl.html"><span class="citerefentry"><span class="refentrytitle">journalctl</span>(1)</span></a>, | |
261 | <a href="systemd.journal-fields.html"><span class="citerefentry"><span class="refentrytitle">systemd.journal-fields</span>(7)</span></a>, | |
262 | <a href="systemd-system.conf.html"><span class="citerefentry"><span class="refentrytitle">systemd-system.conf</span>(5)</span></a> | |
263 | </p></div></div></body></html> |