<?xml version='1.0'?> <!--*-nxml-*-->
<?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<!--
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="journald.conf"
xmlns:xi="http://www.w3.org/2001/XInclude">

<title>journald.conf</title>
<productname>systemd</productname>

<contrib>Developer</contrib>
<firstname>Lennart</firstname>
<surname>Poettering</surname>
<email>lennart@poettering.net</email>

<refentrytitle>journald.conf</refentrytitle>
<manvolnum>5</manvolnum>

<refname>journald.conf</refname>
<refname>journald.conf.d</refname>
<refpurpose>Journal service configuration files</refpurpose>

<para><filename>/etc/systemd/journald.conf</filename></para>
<para><filename>/etc/systemd/journald.conf.d/*.conf</filename></para>
<para><filename>/run/systemd/journald.conf.d/*.conf</filename></para>
<para><filename>/usr/lib/systemd/journald.conf.d/*.conf</filename></para>

<title>Description</title>

<para>These files configure various parameters of the
systemd journal service,
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>

<xi:include href="standard-conf.xml" xpointer="confd" />
<xi:include href="standard-conf.xml" xpointer="conf" />

<title>Options</title>

<para>All options are configured in the
<literal>[Journal]</literal> section:</para>
<term><varname>Storage=</varname></term>

<listitem><para>Controls where to
store journal data. One of
<literal>volatile</literal>,
<literal>persistent</literal>,
<literal>auto</literal> and
<literal>none</literal>. If
<literal>volatile</literal>, journal
log data will be stored only in
memory, i.e. below the
<filename>/run/log/journal</filename>
hierarchy (which is created if
needed). If
<literal>persistent</literal>, data will
be stored preferably on disk,
i.e. below the
<filename>/var/log/journal</filename>
hierarchy (which is created if
needed), with a fallback to
<filename>/run/log/journal</filename>
(which is created if needed), during
early boot and if the disk is not
writable. <literal>auto</literal> is
similar to
<literal>persistent</literal> but the
directory
<filename>/var/log/journal</filename>
is not created if needed, so that its
existence controls where log data
goes. <literal>none</literal> turns
off all storage; all log data received
will be dropped. Forwarding to other
targets, such as the console, the
kernel log buffer or a syslog daemon,
will still work, however. Defaults to
<literal>auto</literal>.</para></listitem>
<term><varname>Compress=</varname></term>

<listitem><para>Takes a boolean
value. If enabled (the default), data
objects that shall be stored in the
journal and are larger than a certain
threshold are compressed with the XZ
compression algorithm before they are
written to the file
system.</para></listitem>
<term><varname>Seal=</varname></term>

<listitem><para>Takes a boolean
value. If enabled (the default), and a
sealing key is available (as created
by
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
<option>--setup-keys</option>
command), Forward Secure Sealing (FSS)
for all persistent journal files is
enabled. FSS is based on <ulink
url="https://eprint.iacr.org/2013/397">Seekable
Sequential Key Generators</ulink> by
G. A. Marson and B. Poettering
(doi:10.1007/978-3-642-40203-6_7)
and may be used to protect journal files
from unnoticed alteration.</para></listitem>
<term><varname>SplitMode=</varname></term>

<listitem><para>Controls whether to
split up journal files per user. One
of <literal>uid</literal>,
<literal>login</literal> and
<literal>none</literal>. If
<literal>uid</literal>, all users will
each get their own journal files
regardless of whether they possess a
login session or not; however, system
users will log into the system
journal. If <literal>login</literal>,
actually logged-in users will each get
their own journal files, but users
without a login session and system users
will log into the system journal. If
<literal>none</literal>, journal files
are not split up by user and all
messages are instead stored in the
single system journal. Note that
splitting up journal files by user is
only available for journals stored
persistently. If journals are stored
on volatile storage (see above), only
a single journal file for all user IDs
is available. Defaults to
<literal>uid</literal>.</para></listitem>
<term><varname>RateLimitInterval=</varname></term>
<term><varname>RateLimitBurst=</varname></term>

<listitem><para>Configures the rate
limiting that is applied to all
messages generated on the system. If,
in the time interval defined by
<varname>RateLimitInterval=</varname>,
more messages than specified in
<varname>RateLimitBurst=</varname> are
logged by a service, all further
messages within the interval are
dropped until the interval is over. A
message about the number of dropped
messages is generated. This rate
limiting is applied per-service, so
that two services which log do not
interfere with each other's
limits. Defaults to 1000 messages in
30s. The time specification for
<varname>RateLimitInterval=</varname>
may be specified in the following
units: <literal>s</literal>,
<literal>min</literal>,
<literal>h</literal>,
<literal>ms</literal>,
<literal>us</literal>. To turn off any
kind of rate limiting, set either
value to 0.</para></listitem>
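The per-service window described above, modelled as an added example (this is not systemd's code). The names RateLimiter, parse_interval and replay are hypothetical, the wording and timing of the drop notice are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Units the page lists for RateLimitInterval=, expressed in seconds.
UNITS = {"us": 1e-6, "ms": 1e-3, "s": 1.0, "min": 60.0, "h": 3600.0}

def parse_interval(text):
    """Parse '30s', '5min', ...; a bare number is taken as seconds (assumption)."""
    text = text.strip()
    for suffix in sorted(UNITS, key=len, reverse=True):  # try 'min' before 's'
        if text.endswith(suffix):
            return float(text[:-len(suffix)]) * UNITS[suffix]
    return float(text)

class RateLimiter:
    """Simplified model of the per-service limit; not systemd's implementation."""
    def __init__(self, interval="30s", burst=1000):  # defaults stated on the page
        self.interval, self.burst = parse_interval(interval), burst
        self.state = defaultdict(lambda: [None, 0, 0])  # start, accepted, dropped

    def log(self, service, now):
        """Return (stored, notice) for one message logged by service at time now."""
        if self.interval == 0 or self.burst == 0:
            return True, None  # either value 0 turns rate limiting off
        st, notice = self.state[service], None
        if st[0] is None or now - st[0] >= self.interval:
            if st[2]:  # assumption: drop count is reported when the next window opens
                notice = f"Suppressed {st[2]} messages from {service}"  # constructed wording
            st[:] = [now, 0, 0]
        if self.burst > st[1]:
            st[1] += 1
            return True, notice
        st[2] += 1
        return False, notice

def replay(events, interval="30s", burst=1000):
    """Feed (timestamp, service) pairs through the limiter; return (stored, notices)."""
    limiter, stored, notices = RateLimiter(interval, burst), [], []
    for ts, service in events:
        ok, notice = limiter.log(service, ts)
        if notice:
            notices.append(notice)
        if ok:
            stored.append((ts, service))
    return stored, notices

# Constructed sample: "noisy" logs five messages within one second, "quiet" two.
SAMPLE = [(0.0, "noisy"), (0.1, "quiet"), (0.2, "noisy"), (0.3, "noisy"),
          (0.4, "noisy"), (0.5, "noisy"), (0.6, "quiet"), (12.0, "noisy")]
```

Replaying SAMPLE with interval="10s" and burst=3 stores six of the eight messages: the two messages from "noisy" that fall past its burst are missing from the journal, while "quiet" is unaffected.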
<term><varname>SystemMaxUse=</varname></term>
<term><varname>SystemKeepFree=</varname></term>
<term><varname>SystemMaxFileSize=</varname></term>
<term><varname>RuntimeMaxUse=</varname></term>
<term><varname>RuntimeKeepFree=</varname></term>
<term><varname>RuntimeMaxFileSize=</varname></term>

<listitem><para>Enforce size limits on
the journal files stored. The options
prefixed with
<literal>System</literal> apply to the
journal files when stored on a
persistent file system, more
specifically
<filename>/var/log/journal</filename>. The
options prefixed with
<literal>Runtime</literal> apply to
the journal files when stored on a
volatile in-memory file system, more
specifically
<filename>/run/log/journal</filename>. The
former is used only when
<filename>/var</filename> is mounted,
writable, and the directory
<filename>/var/log/journal</filename>
exists. Otherwise, only the latter
applies. Note that this means that
during early boot and if the
administrator disabled persistent
logging, only the latter options apply,
while the former apply if persistent
logging is enabled and the system is
fully booted
up. <command>journalctl</command> and
<command>systemd-journald</command>
ignore all files with names not ending
with <literal>.journal</literal> or
<literal>.journal~</literal>, so only
such files, located in the appropriate
directories, are taken into account
when calculating current disk usage.
</para>

<para><varname>SystemMaxUse=</varname>
and <varname>RuntimeMaxUse=</varname>
control how much disk space the
journal may use up at maximum.
<varname>SystemKeepFree=</varname> and
<varname>RuntimeKeepFree=</varname>
control how much disk space
<command>systemd-journald</command> shall leave free for
other uses.
<command>systemd-journald</command>
will respect both limits and use the
smaller of the two values.</para>

<para>The first pair defaults to 10%
and the second to 15% of the size of
the respective file system. If the
file system is nearly full and either
<varname>SystemKeepFree=</varname> or
<varname>RuntimeKeepFree=</varname> is
violated when <command>systemd-journald</command> is
started, the value will be raised to
the percentage that is actually free. This
means that if there was enough
free space before and journal files were
created, and subsequently something
else causes the file system to fill
up, journald will stop using more
space, but it will not remove
existing files to reduce footprint
either.</para>

<para><varname>SystemMaxFileSize=</varname>
and
<varname>RuntimeMaxFileSize=</varname>
control how large individual journal
files may grow at maximum. This
influences the granularity in which
disk space is made available through
rotation, i.e. deletion of historic
data. Defaults to one eighth of the
values configured with
<varname>SystemMaxUse=</varname> and
<varname>RuntimeMaxUse=</varname>, so
that usually seven rotated journal
files are kept as history. Specify
values in bytes or use K, M, G, T, P,
E as units for the specified sizes
(equal to 1024, 1024²,... bytes).
Note that size limits are enforced
synchronously when journal files are
extended, and no explicit rotation
step triggered by time is
needed.</para></listitem>
<term><varname>MaxFileSec=</varname></term>

<listitem><para>The maximum time to
store entries in a single journal
file before rotating to the next
one. Normally, time-based rotation
should not be required as size-based
rotation with options such as
<varname>SystemMaxFileSize=</varname>
should be sufficient to ensure that
journal files do not grow without
bounds. However, to ensure that not
too much data is lost at once when old
journal files are deleted, it might
make sense to change this value from
the default of one month. Set to 0 to
turn off this feature. This setting
takes time values which may be
suffixed with the units
<literal>year</literal>,
<literal>month</literal>,
<literal>week</literal>, <literal>day</literal>,
<literal>h</literal> or <literal>m</literal>
to override the default time unit of
seconds.</para></listitem>
<term><varname>MaxRetentionSec=</varname></term>

<listitem><para>The maximum time to
store journal entries. This
controls whether journal files
containing entries older than the
specified time span are
deleted. Normally, time-based deletion
of old journal files should not be
required as size-based deletion with
options such as
<varname>SystemMaxUse=</varname>
should be sufficient to ensure that
journal files do not grow without
bounds. However, to enforce data
retention policies, it might make sense
to change this value from the
default of 0 (which turns off this
feature). This setting also takes
time values which may be suffixed with
the units <literal>year</literal>,
<literal>month</literal>,
<literal>week</literal>, <literal>day</literal>,
<literal>h</literal> or <literal>m</literal>
to override the default time unit of
seconds.</para></listitem>
<term><varname>SyncIntervalSec=</varname></term>

<listitem><para>The timeout before
synchronizing journal files to
disk. After syncing, journal files are
placed in the OFFLINE state. Note that
syncing is unconditionally done
immediately after a log message of
priority CRIT, ALERT or EMERG has been
logged. This setting hence applies
only to messages of the levels ERR,
WARNING, NOTICE, INFO, DEBUG. The
default timeout is 5 minutes.
</para></listitem>
<term><varname>ForwardToSyslog=</varname></term>
<term><varname>ForwardToKMsg=</varname></term>
<term><varname>ForwardToConsole=</varname></term>
<term><varname>ForwardToWall=</varname></term>

<listitem><para>Control whether log
messages received by the journal
daemon shall be forwarded to a
traditional syslog daemon, to the
kernel log buffer (kmsg), to the
system console, or sent as wall
messages to all logged-in users. These
options take boolean arguments. If
forwarding to syslog is enabled but no
syslog daemon is running, the
respective option has no effect. By
default, only forwarding to wall is
enabled. These settings may be
overridden at boot time with the
kernel command line options
<literal>systemd.journald.forward_to_syslog=</literal>,
<literal>systemd.journald.forward_to_kmsg=</literal>,
<literal>systemd.journald.forward_to_console=</literal>
and
<literal>systemd.journald.forward_to_wall=</literal>.
When forwarding to the console, the
TTY to log to can be changed with
<varname>TTYPath=</varname>, described
below.</para></listitem>
<term><varname>MaxLevelStore=</varname></term>
<term><varname>MaxLevelSyslog=</varname></term>
<term><varname>MaxLevelKMsg=</varname></term>
<term><varname>MaxLevelConsole=</varname></term>
<term><varname>MaxLevelWall=</varname></term>

<listitem><para>Controls the maximum
log level of messages that are stored
on disk, forwarded to syslog, kmsg,
the console or wall (if that is
enabled, see above). As argument,
takes one of
<literal>emerg</literal>,
<literal>alert</literal>,
<literal>crit</literal>,
<literal>err</literal>,
<literal>warning</literal>,
<literal>notice</literal>,
<literal>info</literal>,
<literal>debug</literal> or integer
values in the range of 0..7 (corresponding
to the same levels). Messages equal to or below
the log level specified are
stored/forwarded, messages above are
dropped. Defaults to
<literal>debug</literal> for
<varname>MaxLevelStore=</varname> and
<varname>MaxLevelSyslog=</varname>, to
ensure that all messages are
written to disk and forwarded to
syslog. Defaults to
<literal>notice</literal> for
<varname>MaxLevelKMsg=</varname>,
<literal>info</literal> for
<varname>MaxLevelConsole=</varname> and
<literal>emerg</literal> for
<varname>MaxLevelWall=</varname>.</para></listitem>
<term><varname>TTYPath=</varname></term>

<listitem><para>Change the console TTY
to use if
<varname>ForwardToConsole=yes</varname>
is used. Defaults to
<filename>/dev/console</filename>.</para></listitem>
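The options above that decide whether log data survives and can be verified (Storage=, Seal=, RateLimitInterval=, RateLimitBurst=, MaxLevelStore=, MaxRetentionSec=) can be checked in one pass; the following is an added example and not part of systemd. The function names are hypothetical, the defaults are the ones stated on this page, only a single file is read (drop-in directories are not merged), and the sample configuration is constructed.

```python
import configparser
import re

# Defaults as stated on this page.
DEFAULTS = {"Storage": "auto", "Seal": "yes", "RateLimitInterval": "30s",
            "RateLimitBurst": "1000", "MaxLevelStore": "debug",
            "MaxRetentionSec": "0"}
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def effective(conf_text):
    """Overlay the [Journal] keys found in conf_text on the defaults."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep option names case-sensitive
    cp.read_string(conf_text)
    merged = dict(DEFAULTS)
    if cp.has_section("Journal"):
        merged.update(cp["Journal"])
    return merged

def is_zero(value):
    """True for 0 with or without a unit suffix, e.g. '0' or '0s'."""
    return re.fullmatch(r"0+[a-z]*", value.strip().lower()) is not None

def level_index(value):
    """Accept a level name or an integer 0..7."""
    value = value.strip().lower()
    return int(value) if value.isdigit() else LEVELS.index(value)

def audit(conf_text):
    """Return findings about settings that reduce what the journal keeps."""
    s, out = effective(conf_text), []
    storage = s["Storage"].strip().lower()
    if storage == "none":
        out.append("Storage=none: all received log data is dropped")
    elif storage == "volatile":
        out.append("Storage=volatile: logs kept only under /run/log/journal")
    elif storage == "auto":
        out.append("Storage=auto: persistent only if /var/log/journal exists")
    if s["Seal"].strip().lower() in ("no", "false", "off", "0"):
        out.append("Seal off: journal files are not protected by FSS")
    if is_zero(s["RateLimitInterval"]) or is_zero(s["RateLimitBurst"]):
        out.append("Rate limiting off: no per-service message cap")
    if level_index(s["MaxLevelStore"]) != 7:  # 7 is debug, the default
        out.append("MaxLevelStore=%s: less severe messages are not stored" % s["MaxLevelStore"])
    if not is_zero(s["MaxRetentionSec"]):
        out.append("MaxRetentionSec=%s: older journal files are deleted" % s["MaxRetentionSec"])
    return out

# Constructed sample configuration.
SAMPLE = "[Journal]\nStorage=volatile\nSeal=no\n#RateLimitBurst=1000\n" \
         "RateLimitInterval=0\nMaxLevelStore=notice\nMaxRetentionSec=1month\n"
```

Seal=yes only takes effect when a sealing key exists, which this check cannot see from the configuration file alone.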
<title>See Also</title>

<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>

</refentry>