1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>systemd-journald.service</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><style>
a.headerlink {
color: #c60f0f;
font-size: 0.8em;
padding: 0 4px 0 4px;
text-decoration: none;
visibility: hidden;
}
a.headerlink:hover {
background-color: #c60f0f;
color: white;
}
h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink {
visibility: visible;
}
</style><a href="index.html">Index </a>·
<a href="systemd.directives.html">Directives </a>·
<a href="../python-systemd/index.html">Python </a>·
<span style="float:right">systemd 221</span><hr><div class="refentry"><a name="systemd-journald.service"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>systemd-journald.service, systemd-journald.socket, systemd-journald-dev-log.socket, systemd-journald — Journal service</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><code class="filename">systemd-journald.service</code></p><p><code class="filename">systemd-journald.socket</code></p><p><code class="filename">systemd-journald-dev-log.socket</code></p><p><code class="filename">/usr/lib/systemd/systemd-journald</code></p></div><div class="refsect1"><a name="idm47812375595040"></a><h2 id="Description">Description<a class="headerlink" title="Permalink to this headline" href="#Description">¶</a></h2><p><code class="filename">systemd-journald</code> is a system service
that collects and stores logging data. It creates and maintains
structured, indexed journals based on logging information that is
received from a variety of sources:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>Kernel log messages, via kmsg</p></li><li class="listitem"><p>Simple system log messages, via the libc
<a href="http://man7.org/linux/man-pages/man3/syslog.3.html"><span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span></a>
call</p></li><li class="listitem"><p>Structured system log messages via the native
Journal API, see
<a href="http://man7.org/linux/man-pages/man4/sd_journal_print.4.html"><span class="citerefentry"><span class="refentrytitle">sd_journal_print</span>(4)</span></a></p></li><li class="listitem"><p>Standard output and standard error of system
services</p></li><li class="listitem"><p>Audit records, via the audit
subsystem</p></li></ul></div><p>The daemon will implicitly collect numerous metadata fields
for each log messages in a secure and unfakeable way. See
<a href="systemd.journal-fields.html"><span class="citerefentry"><span class="refentrytitle">systemd.journal-fields</span>(7)</span></a>
for more information about the collected metadata.
</p><p>Log data collected by the journal is primarily text-based
but can also include binary data where necessary. All objects
stored in the journal can be up to 2^64-1 bytes in size.</p><p>By default, the journal stores log data in
<code class="filename">/run/log/journal/</code>. Since
<code class="filename">/run/</code> is volatile, log data is lost at
reboot. To make the data persistent, it is sufficient to create
<code class="filename">/var/log/journal/</code> where
<code class="filename">systemd-journald</code> will then store the
data.</p><p><code class="filename">systemd-journald</code> will forward all
received log messages to the
<code class="constant">AF_UNIX</code>/<code class="constant">SOCK_DGRAM</code>
socket <code class="filename">/run/systemd/journal/syslog</code>, if it
exists, which may be used by Unix syslog daemons to process the
data further.</p><p>See
<a href="journald.conf.html"><span class="citerefentry"><span class="refentrytitle">journald.conf</span>(5)</span></a>
for information about the configuration of this service.</p></div><div class="refsect1"><a name="idm47812374798016"></a><h2 id="Signals">Signals<a class="headerlink" title="Permalink to this headline" href="#Signals">¶</a></h2><div class="variablelist"><dl class="variablelist"><dt id="SIGUSR1"><span class="term">SIGUSR1</span><a class="headerlink" title="Permalink to this term" href="#SIGUSR1">¶</a></dt><dd><p>Request that journal data from
<code class="filename">/run/</code> is flushed to
<code class="filename">/var/</code> in order to make it persistent (if
this is enabled). This must be used after
<code class="filename">/var/</code> is mounted, as otherwise log data
from <code class="filename">/run</code> is never flushed to
<code class="filename">/var</code> regardless of the
configuration.</p></dd><dt id="SIGUSR2"><span class="term">SIGUSR2</span><a class="headerlink" title="Permalink to this term" href="#SIGUSR2">¶</a></dt><dd><p>Request immediate rotation of the journal
files.</p></dd></dl></div></div><div class="refsect1"><a name="idm47812374791072"></a><h2 id="Kernel Command Line">Kernel Command Line<a class="headerlink" title="Permalink to this headline" href="#Kernel%20Command%20Line">¶</a></h2><p>A few configuration parameters from
<code class="filename">journald.conf</code> may be overridden on the kernel
command line:</p><div class="variablelist"><dl class="variablelist"><dt id="systemd.journald.forward_to_syslog="><span class="term"><code class="varname">systemd.journald.forward_to_syslog=</code>, </span><span class="term"><code class="varname">systemd.journald.forward_to_kmsg=</code>, </span><span class="term"><code class="varname">systemd.journald.forward_to_console=</code>, </span><span class="term"><code class="varname">systemd.journald.forward_to_wall=</code></span><a class="headerlink" title="Permalink to this term" href="#systemd.journald.forward_to_syslog=">¶</a></dt><dd><p>Enables/disables forwarding of collected log
messages to syslog, the kernel log buffer, the system console
or wall.
</p><p>See
<a href="journald.conf.html"><span class="citerefentry"><span class="refentrytitle">journald.conf</span>(5)</span></a>
for information about these settings.</p></dd></dl></div></div><div class="refsect1"><a name="idm47812374784288"></a><h2 id="Access Control">Access Control<a class="headerlink" title="Permalink to this headline" href="#Access%20Control">¶</a></h2><p>Journal files are, by default, owned and readable by the
"<code class="literal">systemd-journal</code>" system group but are not
writable. Adding a user to this group thus enables her/him to read
the journal files.</p><p>By default, each logged in user will get her/his own set of
journal files in <code class="filename">/var/log/journal/</code>. These
files will not be owned by the user, however, in order to avoid
that the user can write to them directly. Instead, file system
ACLs are used to ensure the user gets read access only.</p><p>Additional users and groups may be granted access to journal
files via file system access control lists (ACL). Distributions
and administrators may choose to grant read access to all members
of the "<code class="literal">wheel</code>" and "<code class="literal">adm</code>" system
groups with a command such as the following:</p><pre class="programlisting"># setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/</pre><p>Note that this command will update the ACLs both for
existing journal files and for future journal files created in the
<code class="filename">/var/log/journal/</code> directory.</p></div><div class="refsect1"><a name="idm47812374777424"></a><h2 id="Files">Files<a class="headerlink" title="Permalink to this headline" href="#Files">¶</a></h2><div class="variablelist"><dl class="variablelist"><dt id="/etc/systemd/journald.conf"><span class="term"><code class="filename">/etc/systemd/journald.conf</code></span><a class="headerlink" title="Permalink to this term" href="#/etc/systemd/journald.conf">¶</a></dt><dd><p>Configure
<span class="command"><strong>systemd-journald</strong></span>
behaviour. See
<a href="journald.conf.html"><span class="citerefentry"><span class="refentrytitle">journald.conf</span>(5)</span></a>.
</p></dd><dt id="/run/log/journal/machine-id/*.journal"><span class="term"><code class="filename">/run/log/journal/<em class="replaceable"><code>machine-id</code></em>/*.journal</code>, </span><span class="term"><code class="filename">/run/log/journal/<em class="replaceable"><code>machine-id</code></em>/*.journal~</code>, </span><span class="term"><code class="filename">/var/log/journal/<em class="replaceable"><code>machine-id</code></em>/*.journal</code>, </span><span class="term"><code class="filename">/var/log/journal/<em class="replaceable"><code>machine-id</code></em>/*.journal~</code></span><a class="headerlink" title="Permalink to this term" href="#/run/log/journal/machine-id/*.journal">¶</a></dt><dd><p><span class="command"><strong>systemd-journald</strong></span> writes
entries to files in
<code class="filename">/run/log/journal/<em class="replaceable"><code>machine-id</code></em>/</code>
or
<code class="filename">/var/log/journal/<em class="replaceable"><code>machine-id</code></em>/</code>
with the "<code class="literal">.journal</code>" suffix. If the daemon is
stopped uncleanly, or if the files are found to be corrupted,
they are renamed using the "<code class="literal">.journal~</code>"
suffix, and <span class="command"><strong>systemd-journald</strong></span> starts writing
to a new file. <code class="filename">/run</code> is used when
<code class="filename">/var/log/journal</code> is not available, or
when <code class="option">Storage=volatile</code> is set in the
<a href="journald.conf.html"><span class="citerefentry"><span class="refentrytitle">journald.conf</span>(5)</span></a>
configuration file. </p></dd></dl></div></div><div class="refsect1"><a name="idm47812374760864"></a><h2 id="See Also">See Also<a class="headerlink" title="Permalink to this headline" href="#See%20Also">¶</a></h2><p>
<a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>,
<a href="journalctl.html"><span class="citerefentry"><span class="refentrytitle">journalctl</span>(1)</span></a>,
<a href="journald.conf.html"><span class="citerefentry"><span class="refentrytitle">journald.conf</span>(5)</span></a>,
<a href="systemd.journal-fields.html"><span class="citerefentry"><span class="refentrytitle">systemd.journal-fields</span>(7)</span></a>,
<a href="sd-journal.html"><span class="citerefentry"><span class="refentrytitle">sd-journal</span>(3)</span></a>,
<a href="systemd-coredump.html"><span class="citerefentry"><span class="refentrytitle">systemd-coredump</span>(8)</span></a>,
<a href="http://linux.die.net/man/1/setfacl"><span class="citerefentry"><span class="refentrytitle">setfacl</span>(1)</span></a>,
<a href="http://man7.org/linux/man-pages/man4/sd_journal_print.4.html"><span class="citerefentry"><span class="refentrytitle">sd_journal_print</span>(4)</span></a>,
<span class="command"><strong>pydoc systemd.journal</strong></span>.
</p></div></div></body></html>
|
