1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
7 This file is part of systemd.
9 Copyright 2010 Lennart Poettering
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
14 (at your option) any later version.
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 <refentry id="journald.conf">
27 <title>journald.conf</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
41 <refentrytitle>journald.conf</refentrytitle>
42 <manvolnum>5</manvolnum>
46 <refname>journald.conf</refname>
47 <refpurpose>Journal service configuration file</refpurpose>
51 <para><filename>/etc/systemd/journald.conf</filename></para>
55 <title>Description</title>
57 <para>This file configures various parameters of the
58 systemd journal service,
59 <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
64 <title>Options</title>
66 <para>All options are configured in the
67 <literal>[Journal]</literal> section:</para>
72 <term><varname>Storage=</varname></term>
74 <listitem><para>Controls where to
75 store journal data. One of
76 <literal>volatile</literal>,
77 <literal>persistent</literal>,
78 <literal>auto</literal> and
79 <literal>none</literal>. If
80 <literal>volatile</literal>, journal
81 log data will be stored only in
82 memory, i.e. below the
83 <filename>/run/log/journal</filename>
84 hierarchy (which is created if
86 <literal>persistent</literal>, data will
87 be stored preferably on disk,
89 <filename>/var/log/journal</filename>
90 hierarchy (which is created if
91 needed), with a fallback to
92 <filename>/run/log/journal</filename>
93 (which is created if needed), during
94 early boot and if the disk is not
95 writable. <literal>auto</literal> is
97 <literal>persistent</literal> but the
99 <filename>/var/log/journal</filename>
100 is not created if needed, so that its
101 existence controls where log data
102 goes. <literal>none</literal> turns
103 off all storage, all log data received
104 will be dropped. Forwarding to other
105 targets, such as the console, the
106 kernel log buffer or a syslog daemon
107 will still work however. Defaults to
108 <literal>auto</literal>.</para></listitem>
112 <term><varname>Compress=</varname></term>
114 <listitem><para>Takes a boolean
115 value. If enabled (the default), data
116 objects that shall be stored in the
117 journal and are larger than a certain
118 threshold are compressed with the XZ
119 compression algorithm before they are
121 system.</para></listitem>
125 <term><varname>Seal=</varname></term>
127 <listitem><para>Takes a boolean
128 value. If enabled (the default), and a
129 sealing key is available (as created
131 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
132 <option>--setup-keys</option>
133 command), Forward Secure Sealing (FSS)
134 for all persistent journal files is
135 enabled. FSS is based on <ulink
136 url="https://eprint.iacr.org/2013/397">Seekable
137 Sequential Key Generators</ulink> by
138 G. A. Marson and B. Poettering
139 (doi:10.1007/978-3-642-40203-6_7)
140 and may be used to protect journal files
141 from unnoticed alteration.</para></listitem>
145 <term><varname>SplitMode=</varname></term>
147 <listitem><para>Controls whether to
148 split up journal files per user. One
149 of <literal>login</literal>,
150 <literal>uid</literal> and
151 <literal>none</literal>. If
152 <literal>login</literal>, each logged-in
153 user will get his own journal
154 files, but systemd user IDs will log
155 into the system journal. If
156 <literal>uid</literal>, any user ID
157 will get his own journal files
158 regardless of whether it belongs to a
159 system service or refers to a real
161 <literal>none</literal>, journal files
162 are not split up by user and all
163 messages are instead stored in the single
164 system journal. Note that splitting
165 up journal files by user is only
166 available for journals stored
167 persistently. If journals are stored
168 on volatile storage (see above), only a
169 single journal file for all user IDs
171 <literal>login</literal>.</para></listitem>
175 <term><varname>RateLimitInterval=</varname></term>
176 <term><varname>RateLimitBurst=</varname></term>
178 <listitem><para>Configures the rate
179 limiting that is applied to all
180 messages generated on the system. If,
181 in the time interval defined by
182 <varname>RateLimitInterval=</varname>,
183 more messages than specified in
184 <varname>RateLimitBurst=</varname> are
185 logged by a service, all further
186 messages within the interval are
187 dropped until the interval is over. A
188 message about the number of dropped
189 messages is generated. This rate
190 limiting is applied per-service, so
191 that two services which log do not
192 interfere with each other's
193 limits. Defaults to 1000 messages in
194 30s. The time specification for
195 <varname>RateLimitInterval=</varname>
196 may be specified in the following
197 units: <literal>s</literal>,
198 <literal>min</literal>,
199 <literal>h</literal>,
200 <literal>ms</literal>,
201 <literal>us</literal>. To turn off any
202 kind of rate limiting, set either
203 value to 0.</para></listitem>
207 <term><varname>SystemMaxUse=</varname></term>
208 <term><varname>SystemKeepFree=</varname></term>
209 <term><varname>SystemMaxFileSize=</varname></term>
210 <term><varname>RuntimeMaxUse=</varname></term>
211 <term><varname>RuntimeKeepFree=</varname></term>
212 <term><varname>RuntimeMaxFileSize=</varname></term>
214 <listitem><para>Enforce size limits on
215 the journal files stored. The options
217 <literal>System</literal> apply to the
218 journal files when stored on a
219 persistent file system, more
221 <filename>/var/log/journal</filename>. The
222 options prefixed with
223 <literal>Runtime</literal> apply to
224 the journal files when stored on a
225 volatile in-memory file system, more
227 <filename>/run/log/journal</filename>. The
228 former is used only when
229 <filename>/var</filename> is mounted,
230 writable, and the directory
231 <filename>/var/log/journal</filename>
232 exists. Otherwise, only the latter
233 applies. Note that this means that
234 during early boot and if the
235 administrator disabled persistent
236 logging, only the latter options apply,
237 while the former apply if persistent
238 logging is enabled and the system is
240 up. <command>journalctl</command> and
241 <command>systemd-journald</command>
242 ignore all files with names not ending
243 with <literal>.journal</literal> or
244 <literal>.journal~</literal>, so only
245 such files, located in the appropriate
246 directories, are taken into account
247 when calculating current disk usage.
250 <para><varname>SystemMaxUse=</varname>
251 and <varname>RuntimeMaxUse=</varname>
252 control how much disk space the
253 journal may use up at maximum.
254 <varname>SystemKeepFree=</varname> and
255 <varname>RuntimeKeepFree=</varname>
256 control how much disk space
257 systemd-journald shall leave free for
259 <command>systemd-journald</command>
260 will respect both limits and use the
261 smaller of the two values.</para>
263 <para>The first pair defaults to 10%
264 and the second to 15% of the size of
265 the respective file system. If the
266 file system is nearly full and either
267 <varname>SystemKeepFree=</varname> or
268 <varname>RuntimeKeepFree=</varname> is
269 violated when systemd-journald is
270 started, the value will be raised to
271 percentage that is actually free. This
272 means that if there was enough
273 free space before and journal files were
274 created, and subsequently something
275 else causes the file system to fill
276 up, journald will stop using more
277 space, but it will not be removing
278 existing files to go reduce footprint
281 <para><varname>SystemMaxFileSize=</varname>
283 <varname>RuntimeMaxFileSize=</varname>
284 control how large individual journal
285 files may grow at maximum. This
286 influences the granularity in which
287 disk space is made available through
288 rotation, i.e. deletion of historic
289 data. Defaults to one eighth of the
290 values configured with
291 <varname>SystemMaxUse=</varname> and
292 <varname>RuntimeMaxUse=</varname>, so
293 that usually seven rotated journal
294 files are kept as history. Specify
295 values in bytes or use K, M, G, T, P,
296 E as units for the specified sizes
297 (equal to 1024, 1024²,... bytes).
298 Note that size limits are enforced
299 synchronously when journal files are
300 extended, and no explicit rotation
301 step triggered by time is
302 needed.</para></listitem>
306 <term><varname>MaxFileSec=</varname></term>
308 <listitem><para>The maximum time to
309 store entries in a single journal
310 file before rotating to the next
311 one. Normally, time-based rotation
312 should not be required as size-based
313 rotation with options such as
314 <varname>SystemMaxFileSize=</varname>
315 should be sufficient to ensure that
316 journal files do not grow without
317 bounds. However, to ensure that not
318 too much data is lost at once when old
319 journal files are deleted, it might
320 make sense to change this value from
321 the default of one month. Set to 0 to
322 turn off this feature. This setting
323 takes time values which may be
324 suffixed with the units
325 <literal>year</literal>,
326 <literal>month</literal>,
327 <literal>week</literal>, <literal>day</literal>,
328 <literal>h</literal> or <literal>m</literal>
329 to override the default time unit of
330 seconds.</para></listitem>
334 <term><varname>MaxRetentionSec=</varname></term>
336 <listitem><para>The maximum time to
337 store journal entries. This
338 controls whether journal files
339 containing entries older then the
340 specified time span are
341 deleted. Normally, time-based deletion
342 of old journal files should not be
343 required as size-based deletion with
345 <varname>SystemMaxUse=</varname>
346 should be sufficient to ensure that
347 journal files do not grow without
348 bounds. However, to enforce data
349 retention policies, it might make sense
350 to change this value from the
351 default of 0 (which turns off this
352 feature). This setting also takes
353 time values which may be suffixed with
354 the units <literal>year</literal>,
355 <literal>month</literal>,
356 <literal>week</literal>, <literal>day</literal>,
357 <literal>h</literal> or <literal> m</literal>
358 to override the default time unit of
359 seconds.</para></listitem>
364 <term><varname>SyncIntervalSec=</varname></term>
366 <listitem><para>The timeout before
367 synchronizing journal files to
368 disk. After syncing, journal files are
369 placed in the OFFLINE state. Note that
370 syncing is unconditionally done
371 immediately after a log message of
372 priority CRIT, ALERT or EMERG has been
373 logged. This setting hence applies
374 only to messages of the levels ERR,
375 WARNING, NOTICE, INFO, DEBUG. The
376 default timeout is 5 minutes.
381 <term><varname>ForwardToSyslog=</varname></term>
382 <term><varname>ForwardToKMsg=</varname></term>
383 <term><varname>ForwardToConsole=</varname></term>
384 <term><varname>ForwardToWall=</varname></term>
386 <listitem><para>Control whether log
387 messages received by the journal
388 daemon shall be forwarded to a
389 traditional syslog daemon, to the
390 kernel log buffer (kmsg), to the
391 system console, or sent as wall
392 messages to all logged-in users. These
393 options take boolean arguments. If
394 forwarding to syslog is enabled but no
395 syslog daemon is running, the
396 respective option has no effect. By
397 default, only forwarding to syslog and
398 wall is enabled. These settings may be
399 overridden at boot time with the
400 kernel command line options
401 <literal>systemd.journald.forward_to_syslog=</literal>,
402 <literal>systemd.journald.forward_to_kmsg=</literal>,
403 <literal>systemd.journald.forward_to_console=</literal>
405 <literal>systemd.journald.forward_to_wall=</literal>.
406 When forwarding to the console, the
407 TTY to log to can be changed
408 with <varname>TTYPath=</varname>,
409 described below.</para></listitem>
413 <term><varname>MaxLevelStore=</varname></term>
414 <term><varname>MaxLevelSyslog=</varname></term>
415 <term><varname>MaxLevelKMsg=</varname></term>
416 <term><varname>MaxLevelConsole=</varname></term>
417 <term><varname>MaxLevelWall=</varname></term>
419 <listitem><para>Controls the maximum
420 log level of messages that are stored
421 on disk, forwarded to syslog, kmsg,
422 the console or wall (if that is
423 enabled, see above). As argument,
425 <literal>emerg</literal>,
426 <literal>alert</literal>,
427 <literal>crit</literal>,
428 <literal>err</literal>,
429 <literal>warning</literal>,
430 <literal>notice</literal>,
431 <literal>info</literal>,
432 <literal>debug</literal> or integer
433 values in the range of 0..7 (corresponding
434 to the same levels). Messages equal or below
435 the log level specified are
436 stored/forwarded, messages above are
438 <literal>debug</literal> for
439 <varname>MaxLevelStore=</varname> and
440 <varname>MaxLevelSyslog=</varname>, to
441 ensure that the all messages are
442 written to disk and forwarded to
444 <literal>notice</literal> for
445 <varname>MaxLevelKMsg=</varname>,
446 <literal>info</literal> for
447 <varname>MaxLevelConsole=</varname> and
448 <literal>emerg</literal> for
449 <varname>MaxLevelWall=</varname>.</para></listitem>
453 <term><varname>TTYPath=</varname></term>
455 <listitem><para>Change the console TTY
457 <varname>ForwardToConsole=yes</varname>
459 <filename>/dev/console</filename>.</para></listitem>
467 <title>See Also</title>
469 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
470 <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
471 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
472 <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
473 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>