systemd-journald.service, systemd-journald.socket, systemd-journald — Journal service
systemd-journald.service
systemd-journald.socket
/usr/lib/systemd/systemd-journald
systemd-journald
is a
system service that collects and stores logging
data. It creates and maintains structured, indexed
journals based on logging information that is received
from the kernel, from user processes via the libc
syslog(3)
call, from STDOUT/STDERR of system services or via its
native API. It will implicitly collect numerous meta
data fields for each log messages in a secure and
unfakeable way. See
systemd.journal-fields(7)
for more information about the collected meta data.
Log data collected by the journal is primarily text based but can also include binary data where necessary. All objects stored in the journal can be up to 2^64-1 bytes in size.
By default the journal stores log data in
/run/log/journal/
. Since
/run/
is volatile log data is
lost at reboot. To make the data persistent it
is sufficient to create
/var/log/journal/
where
systemd-journald
will then store
the data.
systemd-journald
will
forward all received log messages to the AF_UNIX
SOCK_DGRAM socket
/run/systemd/journal/syslog
(if it exists) which
may be used by UNIX syslog daemons to process the data
further.
See journald.conf(5) for information about the configuration of this service.
Request that journal
data from /run/
is flushed to
/var/
in order to
make it persistent (if this is
enabled). This must be used after
/var/
is mounted,
as otherwise log data from
/run
is never
flushed to /var
regardless of the
configuration.
Request immediate rotation of the journal files.
A few configuration parameters from
journald.conf
may be overridden on
the kernel command line:
systemd.journald.forward_to_syslog=
, systemd.journald.forward_to_kmsg=
, systemd.journald.forward_to_console=
¶Enables/disables forwarding of collected log messages to syslog, the kernel log buffer or the system console.
See journald.conf(5) for information about these settings.
Journal files are by default owned and readable
by the systemd-journal
system group
(but not writable). Adding a user to this group thus
enables her/him to read the journal files.
By default, each logged in user will get her/his
own set of journal files in
/var/log/journal/
. These files
will not be owned by the user however, in order to
avoid that the user can write to them
directly. Instead, file system ACLs are used to ensure
the user gets read access only.
Additional users and groups may be granted
access to journal files via file system access control
lists (ACL). Distributions and administrators may
choose to grant read access to all members of the
wheel
and adm
system groups with a command such as the
following:
# setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/
Note that this command will update the ACLs both
for existing journal files and for future journal
files created in the
/var/log/journal/
directory.