1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
7 This file is part of systemd.
9 Copyright 2010 Lennart Poettering
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
14 (at your option) any later version.
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 <refentry id="journald.conf">
27 <title>journald.conf</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
41 <refentrytitle>journald.conf</refentrytitle>
42 <manvolnum>5</manvolnum>
46 <refname>journald.conf</refname>
47 <refpurpose>Journal service configuration file</refpurpose>
51 <para><filename>/etc/systemd/journald.conf</filename></para>
55 <title>Description</title>
57 <para>This file configures various parameters of the
58 systemd journal service,
59 <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
64 <title>Options</title>
66 <para>All options are configured in the
67 <literal>[Journal]</literal> section:</para>
72 <term><varname>Storage=</varname></term>
74 <listitem><para>Controls where to
75 store journal data. One of
76 <literal>volatile</literal>,
77 <literal>persistent</literal>,
78 <literal>auto</literal> and
79 <literal>none</literal>. If
80 <literal>volatile</literal>, journal
81 log data will be stored only in
82 memory, i.e. below the
83 <filename>/run/log/journal</filename>
84 hierarchy (which is created if
86 <literal>persistent</literal>, data will
87 be stored preferably on disk,
89 <filename>/var/log/journal</filename>
90 hierarchy (which is created if
91 needed), with a fallback to
92 <filename>/run/log/journal</filename>
93 (which is created if needed), during
94 early boot and if the disk is not
95 writable. <literal>auto</literal> is
97 <literal>persistent</literal> but the
99 <filename>/var/log/journal</filename>
100 is not created if needed, so that its
101 existence controls where log data
102 goes. <literal>none</literal> turns
103 off all storage, all log data received
104 will be dropped. Forwarding to other
105 targets, such as the console, the
106 kernel log buffer or a syslog daemon
107 will still work however. Defaults to
108 <literal>auto</literal>.</para></listitem>
112 <term><varname>Compress=</varname></term>
114 <listitem><para>Takes a boolean
115 value. If enabled (the default), data
116 objects that shall be stored in the
117 journal and are larger than a certain
118 threshold are compressed with the XZ
119 compression algorithm before they are
121 system.</para></listitem>
125 <term><varname>Seal=</varname></term>
127 <listitem><para>Takes a boolean
128 value. If enabled (the default), and a
129 sealing key is available (as created
131 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
132 <option>--setup-keys</option>
133 command), Forward Secure Sealing (FSS)
134 for all persistent journal files is
135 enabled. FSS is based on <ulink
136 url="https://eprint.iacr.org/2013/397">Seekable
137 Sequential Key Generators</ulink> by
138 G. A. Marson and B. Poettering
139 (doi:10.1007/978-3-642-40203-6_7)
140 and may be used to protect journal files
141 from unnoticed alteration.</para></listitem>
145 <term><varname>SplitMode=</varname></term>
147 <listitem><para>Controls whether to
148 split up journal files per user. One
149 of <literal>uid</literal>,
150 <literal>login</literal> and
151 <literal>none</literal>. If
152 <literal>uid</literal>, all users will
153 get each their own journal files
154 regardless of whether they possess a
155 login session or not, however system
156 users will log into the system
157 journal. If <literal>login</literal>,
158 actually logged-in users will get each
159 their own journal files, but users
160 without login session and system users
161 will log into the system journal. If
162 <literal>none</literal>, journal files
163 are not split up by user and all
164 messages are instead stored in the
165 single system journal. Note that
166 splitting up journal files by user is
167 only available for journals stored
168 persistently. If journals are stored
169 on volatile storage (see above), only
170 a single journal file for all user IDs
172 <literal>uid</literal>.</para></listitem>
176 <term><varname>RateLimitInterval=</varname></term>
177 <term><varname>RateLimitBurst=</varname></term>
179 <listitem><para>Configures the rate
180 limiting that is applied to all
181 messages generated on the system. If,
182 in the time interval defined by
183 <varname>RateLimitInterval=</varname>,
184 more messages than specified in
185 <varname>RateLimitBurst=</varname> are
186 logged by a service, all further
187 messages within the interval are
188 dropped until the interval is over. A
189 message about the number of dropped
190 messages is generated. This rate
191 limiting is applied per-service, so
192 that two services which log do not
193 interfere with each other's
194 limits. Defaults to 1000 messages in
195 30s. The time specification for
196 <varname>RateLimitInterval=</varname>
197 may be specified in the following
198 units: <literal>s</literal>,
199 <literal>min</literal>,
200 <literal>h</literal>,
201 <literal>ms</literal>,
202 <literal>us</literal>. To turn off any
203 kind of rate limiting, set either
204 value to 0.</para></listitem>
208 <term><varname>SystemMaxUse=</varname></term>
209 <term><varname>SystemKeepFree=</varname></term>
210 <term><varname>SystemMaxFileSize=</varname></term>
211 <term><varname>RuntimeMaxUse=</varname></term>
212 <term><varname>RuntimeKeepFree=</varname></term>
213 <term><varname>RuntimeMaxFileSize=</varname></term>
215 <listitem><para>Enforce size limits on
216 the journal files stored. The options
218 <literal>System</literal> apply to the
219 journal files when stored on a
220 persistent file system, more
222 <filename>/var/log/journal</filename>. The
223 options prefixed with
224 <literal>Runtime</literal> apply to
225 the journal files when stored on a
226 volatile in-memory file system, more
228 <filename>/run/log/journal</filename>. The
229 former is used only when
230 <filename>/var</filename> is mounted,
231 writable, and the directory
232 <filename>/var/log/journal</filename>
233 exists. Otherwise, only the latter
234 applies. Note that this means that
235 during early boot and if the
236 administrator disabled persistent
237 logging, only the latter options apply,
238 while the former apply if persistent
239 logging is enabled and the system is
241 up. <command>journalctl</command> and
242 <command>systemd-journald</command>
243 ignore all files with names not ending
244 with <literal>.journal</literal> or
245 <literal>.journal~</literal>, so only
246 such files, located in the appropriate
247 directories, are taken into account
248 when calculating current disk usage.
251 <para><varname>SystemMaxUse=</varname>
252 and <varname>RuntimeMaxUse=</varname>
253 control how much disk space the
254 journal may use up at maximum.
255 <varname>SystemKeepFree=</varname> and
256 <varname>RuntimeKeepFree=</varname>
257 control how much disk space
258 systemd-journald shall leave free for
260 <command>systemd-journald</command>
261 will respect both limits and use the
262 smaller of the two values.</para>
264 <para>The first pair defaults to 10%
265 and the second to 15% of the size of
266 the respective file system. If the
267 file system is nearly full and either
268 <varname>SystemKeepFree=</varname> or
269 <varname>RuntimeKeepFree=</varname> is
270 violated when systemd-journald is
271 started, the value will be raised to
272 percentage that is actually free. This
273 means that if there was enough
274 free space before and journal files were
275 created, and subsequently something
276 else causes the file system to fill
277 up, journald will stop using more
278 space, but it will not be removing
279 existing files to go reduce footprint
282 <para><varname>SystemMaxFileSize=</varname>
284 <varname>RuntimeMaxFileSize=</varname>
285 control how large individual journal
286 files may grow at maximum. This
287 influences the granularity in which
288 disk space is made available through
289 rotation, i.e. deletion of historic
290 data. Defaults to one eighth of the
291 values configured with
292 <varname>SystemMaxUse=</varname> and
293 <varname>RuntimeMaxUse=</varname>, so
294 that usually seven rotated journal
295 files are kept as history. Specify
296 values in bytes or use K, M, G, T, P,
297 E as units for the specified sizes
298 (equal to 1024, 1024²,... bytes).
299 Note that size limits are enforced
300 synchronously when journal files are
301 extended, and no explicit rotation
302 step triggered by time is
303 needed.</para></listitem>
307 <term><varname>MaxFileSec=</varname></term>
309 <listitem><para>The maximum time to
310 store entries in a single journal
311 file before rotating to the next
312 one. Normally, time-based rotation
313 should not be required as size-based
314 rotation with options such as
315 <varname>SystemMaxFileSize=</varname>
316 should be sufficient to ensure that
317 journal files do not grow without
318 bounds. However, to ensure that not
319 too much data is lost at once when old
320 journal files are deleted, it might
321 make sense to change this value from
322 the default of one month. Set to 0 to
323 turn off this feature. This setting
324 takes time values which may be
325 suffixed with the units
326 <literal>year</literal>,
327 <literal>month</literal>,
328 <literal>week</literal>, <literal>day</literal>,
329 <literal>h</literal> or <literal>m</literal>
330 to override the default time unit of
331 seconds.</para></listitem>
335 <term><varname>MaxRetentionSec=</varname></term>
337 <listitem><para>The maximum time to
338 store journal entries. This
339 controls whether journal files
340 containing entries older then the
341 specified time span are
342 deleted. Normally, time-based deletion
343 of old journal files should not be
344 required as size-based deletion with
346 <varname>SystemMaxUse=</varname>
347 should be sufficient to ensure that
348 journal files do not grow without
349 bounds. However, to enforce data
350 retention policies, it might make sense
351 to change this value from the
352 default of 0 (which turns off this
353 feature). This setting also takes
354 time values which may be suffixed with
355 the units <literal>year</literal>,
356 <literal>month</literal>,
357 <literal>week</literal>, <literal>day</literal>,
358 <literal>h</literal> or <literal> m</literal>
359 to override the default time unit of
360 seconds.</para></listitem>
365 <term><varname>SyncIntervalSec=</varname></term>
367 <listitem><para>The timeout before
368 synchronizing journal files to
369 disk. After syncing, journal files are
370 placed in the OFFLINE state. Note that
371 syncing is unconditionally done
372 immediately after a log message of
373 priority CRIT, ALERT or EMERG has been
374 logged. This setting hence applies
375 only to messages of the levels ERR,
376 WARNING, NOTICE, INFO, DEBUG. The
377 default timeout is 5 minutes.
382 <term><varname>ForwardToSyslog=</varname></term>
383 <term><varname>ForwardToKMsg=</varname></term>
384 <term><varname>ForwardToConsole=</varname></term>
385 <term><varname>ForwardToWall=</varname></term>
387 <listitem><para>Control whether log
388 messages received by the journal
389 daemon shall be forwarded to a
390 traditional syslog daemon, to the
391 kernel log buffer (kmsg), to the
392 system console, or sent as wall
393 messages to all logged-in users. These
394 options take boolean arguments. If
395 forwarding to syslog is enabled but no
396 syslog daemon is running, the
397 respective option has no effect. By
398 default, only forwarding wall is
399 enabled. These settings may be
400 overridden at boot time with the
401 kernel command line options
402 <literal>systemd.journald.forward_to_syslog=</literal>,
403 <literal>systemd.journald.forward_to_kmsg=</literal>,
404 <literal>systemd.journald.forward_to_console=</literal>
406 <literal>systemd.journald.forward_to_wall=</literal>.
407 When forwarding to the console, the
408 TTY to log to can be changed with
409 <varname>TTYPath=</varname>, described
410 below.</para></listitem>
414 <term><varname>MaxLevelStore=</varname></term>
415 <term><varname>MaxLevelSyslog=</varname></term>
416 <term><varname>MaxLevelKMsg=</varname></term>
417 <term><varname>MaxLevelConsole=</varname></term>
418 <term><varname>MaxLevelWall=</varname></term>
420 <listitem><para>Controls the maximum
421 log level of messages that are stored
422 on disk, forwarded to syslog, kmsg,
423 the console or wall (if that is
424 enabled, see above). As argument,
426 <literal>emerg</literal>,
427 <literal>alert</literal>,
428 <literal>crit</literal>,
429 <literal>err</literal>,
430 <literal>warning</literal>,
431 <literal>notice</literal>,
432 <literal>info</literal>,
433 <literal>debug</literal> or integer
434 values in the range of 0..7 (corresponding
435 to the same levels). Messages equal or below
436 the log level specified are
437 stored/forwarded, messages above are
439 <literal>debug</literal> for
440 <varname>MaxLevelStore=</varname> and
441 <varname>MaxLevelSyslog=</varname>, to
442 ensure that the all messages are
443 written to disk and forwarded to
445 <literal>notice</literal> for
446 <varname>MaxLevelKMsg=</varname>,
447 <literal>info</literal> for
448 <varname>MaxLevelConsole=</varname> and
449 <literal>emerg</literal> for
450 <varname>MaxLevelWall=</varname>.</para></listitem>
454 <term><varname>TTYPath=</varname></term>
456 <listitem><para>Change the console TTY
458 <varname>ForwardToConsole=yes</varname>
460 <filename>/dev/console</filename>.</para></listitem>
468 <title>See Also</title>
470 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
471 <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
472 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
473 <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
474 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>