01cf0ca850dd1c21e1c405a4493fe61d0c28d721Lennart Poettering<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76672a66c2d4ea7212c14f8f1b5a62b78dTom Gundersen "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
01cf0ca850dd1c21e1c405a4493fe61d0c28d721Lennart Poettering This file is part of systemd.
01cf0ca850dd1c21e1c405a4493fe61d0c28d721Lennart Poettering Copyright 2010 Lennart Poettering
01cf0ca850dd1c21e1c405a4493fe61d0c28d721Lennart Poettering systemd is free software; you can redistribute it and/or modify it
01cf0ca850dd1c21e1c405a4493fe61d0c28d721Lennart Poettering under the terms of the GNU Lesser General Public License as published by
01cf0ca850dd1c21e1c405a4493fe61d0c28d721Lennart Poettering the Free Software Foundation; either version 2.1 of the License, or
01cf0ca850dd1c21e1c405a4493fe61d0c28d721Lennart Poettering (at your option) any later version.
01cf0ca850dd1c21e1c405a4493fe61d0c28d721Lennart Poettering systemd is distributed in the hope that it will be useful, but
01cf0ca850dd1c21e1c405a4493fe61d0c28d721Lennart Poettering WITHOUT ANY WARRANTY; without even the implied warranty of
01cf0ca850dd1c21e1c405a4493fe61d0c28d721Lennart Poettering MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
01cf0ca850dd1c21e1c405a4493fe61d0c28d721Lennart Poettering Lesser General Public License for more details.
01cf0ca850dd1c21e1c405a4493fe61d0c28d721Lennart Poettering You should have received a copy of the GNU Lesser General Public License
01cf0ca850dd1c21e1c405a4493fe61d0c28d721Lennart Poettering along with systemd; If not, see <http://www.gnu.org/licenses/>.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <title>systemd-journald.service</title>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <productname>systemd</productname>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <email>lennart@poettering.net</email>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <refentrytitle>systemd-journald.service</refentrytitle>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <refname>systemd-journald.service</refname>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <refname>systemd-journald.socket</refname>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <refname>systemd-journald-dev-log.socket</refname>
37b7affefde5443680d73642a990ce86776e28afZbigniew Jędrzejewski-Szmek <refname>systemd-journald-audit.socket</refname>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <refname>systemd-journald</refname>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <refpurpose>Journal service</refpurpose>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <refsynopsisdiv>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><filename>systemd-journald.service</filename></para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><filename>systemd-journald.socket</filename></para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><filename>systemd-journald-dev-log.socket</filename></para>
37b7affefde5443680d73642a990ce86776e28afZbigniew Jędrzejewski-Szmek <para><filename>systemd-journald-audit.socket</filename></para>
12b42c76672a66c2d4ea7212c14f8f1b5a62b78dTom Gundersen <para><filename>/usr/lib/systemd/systemd-journald</filename></para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek </refsynopsisdiv>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><filename>systemd-journald</filename> is a system service
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek that collects and stores logging data. It creates and maintains
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek structured, indexed journals based on logging information that is
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek received from a variety of sources:</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Kernel log messages, via kmsg</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Simple system log messages, via the libc
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Structured system log messages via the native
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Journal API, see
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>sd_journal_print</refentrytitle><manvolnum>4</manvolnum></citerefentry></para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Standard output and standard error of system
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Audit records, via the audit
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>The daemon will implicitly collect numerous metadata fields
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for each log messages in a secure and unfakeable way. See
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for more information about the collected metadata.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>Log data collected by the journal is primarily text-based
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek but can also include binary data where necessary. All objects
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek stored in the journal can be up to 2^64-1 bytes in size.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>By default, the journal stores log data in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/run/log/journal/</filename>. Since
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/run/</filename> is volatile, log data is lost at
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek reboot. To make the data persistent, it is sufficient to create
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/var/log/journal/</filename> where
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>systemd-journald</filename> will then store the
c214ee6f15fd92342a7526fd99dc768d56950ac7Evgeny Vereshchagin <programlisting>mkdir -p /var/log/journal
c214ee6f15fd92342a7526fd99dc768d56950ac7Evgeny Vereshchaginsystemd-tmpfiles --create --prefix /var/log/journal</programlisting>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for information about the configuration of this service.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Request that journal data from
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/run/</filename> is flushed to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/var/</filename> in order to make it persistent (if
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek this is enabled). This must be used after
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/var/</filename> is mounted, as otherwise log data
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek from <filename>/run</filename> is never flushed to
94b6551662e0db8eb09768ed70f77759f322b4c6Lennart Poettering <filename>/var</filename> regardless of the configuration. The
94b6551662e0db8eb09768ed70f77759f322b4c6Lennart Poettering <command>journalctl --flush</command> command uses this signal
94b6551662e0db8eb09768ed70f77759f322b4c6Lennart Poettering to request flushing of the journal files, and then waits for
94b6551662e0db8eb09768ed70f77759f322b4c6Lennart Poettering the operation to complete. See
94b6551662e0db8eb09768ed70f77759f322b4c6Lennart Poettering <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Request immediate rotation of the journal
94b6551662e0db8eb09768ed70f77759f322b4c6Lennart Poettering files. The <command>journalctl --rotate</command> command uses
94b6551662e0db8eb09768ed70f77759f322b4c6Lennart Poettering this signal to request journal file
94b6551662e0db8eb09768ed70f77759f322b4c6Lennart Poettering </varlistentry>
94b6551662e0db8eb09768ed70f77759f322b4c6Lennart Poettering <varlistentry>
94b6551662e0db8eb09768ed70f77759f322b4c6Lennart Poettering <listitem><para>Request that all unwritten log data is written
94b6551662e0db8eb09768ed70f77759f322b4c6Lennart Poettering to disk. The <command>journalctl --sync</command> command uses
94b6551662e0db8eb09768ed70f77759f322b4c6Lennart Poettering this signal to trigger journal synchronization, and then waits
94b6551662e0db8eb09768ed70f77759f322b4c6Lennart Poettering for the operation to complete.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <title>Kernel Command Line</title>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>A few configuration parameters from
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>journald.conf</filename> may be overridden on the kernel
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek command line:</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <variablelist class='kernel-commandline-options'>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>systemd.journald.forward_to_syslog=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>systemd.journald.forward_to_kmsg=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>systemd.journald.forward_to_console=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>systemd.journald.forward_to_wall=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Enables/disables forwarding of collected log
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek messages to syslog, the kernel log buffer, the system console
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for information about these settings.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>Journal files are, by default, owned and readable by the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <literal>systemd-journal</literal> system group but are not
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek writable. Adding a user to this group thus enables her/him to read
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the journal files.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>By default, each logged in user will get her/his own set of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek journal files in <filename>/var/log/journal/</filename>. These
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek files will not be owned by the user, however, in order to avoid
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek that the user can write to them directly. Instead, file system
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ACLs are used to ensure the user gets read access only.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>Additional users and groups may be granted access to journal
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek files via file system access control lists (ACL). Distributions
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek and administrators may choose to grant read access to all members
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek of the <literal>wheel</literal> and <literal>adm</literal> system
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek groups with a command such as the following:</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <programlisting># setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/</programlisting>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>Note that this command will update the ACLs both for
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek existing journal files and for future journal files created in the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/var/log/journal/</filename> directory.</para>
12b42c76672a66c2d4ea7212c14f8f1b5a62b78dTom Gundersen <term><filename>/etc/systemd/journald.conf</filename></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <command>systemd-journald</command>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><filename>/run/log/journal/<replaceable>machine-id</replaceable>/*.journal</filename></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><filename>/run/log/journal/<replaceable>machine-id</replaceable>/*.journal~</filename></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><filename>/var/log/journal/<replaceable>machine-id</replaceable>/*.journal</filename></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><filename>/var/log/journal/<replaceable>machine-id</replaceable>/*.journal~</filename></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para><command>systemd-journald</command> writes
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek entries to files in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/run/log/journal/<replaceable>machine-id</replaceable>/</filename>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/var/log/journal/<replaceable>machine-id</replaceable>/</filename>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek with the <literal>.journal</literal> suffix. If the daemon is
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek stopped uncleanly, or if the files are found to be corrupted,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek they are renamed using the <literal>.journal~</literal>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek suffix, and <command>systemd-journald</command> starts writing
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek to a new file. <filename>/run</filename> is used when
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/var/log/journal</filename> is not available, or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek when <option>Storage=volatile</option> is set in the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
37b7affefde5443680d73642a990ce86776e28afZbigniew Jędrzejewski-Szmek configuration file.</para></listitem>
37b7affefde5443680d73642a990ce86776e28afZbigniew Jędrzejewski-Szmek <term><filename>/dev/kmsg</filename></term>
37b7affefde5443680d73642a990ce86776e28afZbigniew Jędrzejewski-Szmek <term><filename>/dev/log</filename></term>
37b7affefde5443680d73642a990ce86776e28afZbigniew Jędrzejewski-Szmek <term><filename>/run/systemd/journal/dev-log</filename></term>
37b7affefde5443680d73642a990ce86776e28afZbigniew Jędrzejewski-Szmek <term><filename>/run/systemd/journal/socket</filename></term>
37b7affefde5443680d73642a990ce86776e28afZbigniew Jędrzejewski-Szmek <term><filename>/run/systemd/journal/stdout</filename></term>
e296313f7b397a45b144313056b50374c3bf4016Zbigniew Jędrzejewski-Szmek <listitem><para>Sockets and other paths that
37b7affefde5443680d73642a990ce86776e28afZbigniew Jędrzejewski-Szmek <command>systemd-journald</command> will listen on that are
a8eaaee72a2f06e0fb64fb71de3b71ecba31dafbJan Engelhardt visible in the file system. In addition to these, journald can
37b7affefde5443680d73642a990ce86776e28afZbigniew Jędrzejewski-Szmek listen for audit events using netlink.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>sd-journal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd-coredump</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
3ba3a79df4ae094d1008c04a9af8d1ff970124c4Zbigniew Jędrzejewski-Szmek <citerefentry project='die-net'><refentrytitle>setfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>sd_journal_print</refentrytitle><manvolnum>4</manvolnum></citerefentry>,