journald.conf(5)


NAME

   journald.conf, journald.conf.d - Journal service configuration files

SYNOPSIS

   /etc/systemd/journald.conf

   /etc/systemd/journald.conf.d/*.conf

   /run/systemd/journald.conf.d/*.conf

   /usr/lib/systemd/journald.conf.d/*.conf

DESCRIPTION

   These files configure various parameters of the systemd journal
   service, systemd-journald.service(8).

CONFIGURATION DIRECTORIES AND PRECEDENCE

   The default configuration is defined during compilation, so a
   configuration file is only needed when it is necessary to deviate from
   those defaults. By default, the configuration file in /etc/systemd/
   contains commented out entries showing the defaults as a guide to the
   administrator. This file can be edited to create local overrides.

   When packages need to customize the configuration, they can install
   configuration snippets in /usr/lib/systemd/*.conf.d/. Files in /etc/
   are reserved for the local administrator, who may use this logic to
   override the configuration files installed by vendor packages. The main
   configuration file is read before any of the configuration directories,
   and has the lowest precedence; entries in a file in any configuration
   directory override entries in the single configuration file. Files in
   the *.conf.d/ configuration subdirectories are sorted by their filename
   in lexicographic order, regardless of which of the subdirectories they
   reside in. If multiple files specify the same option, the entry in the
   file with the lexicographically latest name takes precedence. It is
   recommended to prefix all filenames in those subdirectories with a
   two-digit number and a dash, to simplify the ordering of the files.

   To disable a configuration file supplied by the vendor, the recommended
   way is to place a symlink to /dev/null in the configuration directory
   in /etc/, with the same filename as the vendor configuration file.

OPTIONS

   All options are configured in the "[Journal]" section:

   Storage=
       Controls where to store journal data. One of "volatile",
       "persistent", "auto" and "none". If "volatile", journal log data
       will be stored only in memory, i.e. below the /run/log/journal
       hierarchy (which is created if needed). If "persistent", data will
       be stored preferably on disk, i.e. below the /var/log/journal
       hierarchy (which is created if needed), with a fallback to
       /run/log/journal (which is created if needed), during early boot
       and if the disk is not writable.  "auto" is similar to "persistent"
       but the directory /var/log/journal is not created if needed, so
       that its existence controls where log data goes.  "none" turns off
       all storage, all log data received will be dropped. Forwarding to
       other targets, such as the console, the kernel log buffer, or a
       syslog socket will still work however. Defaults to "auto".

   Compress=
       Takes a boolean value. If enabled (the default), data objects that
       shall be stored in the journal and are larger than a certain
       threshold are compressed before they are written to the file
       system.

   Seal=
       Takes a boolean value. If enabled (the default), and a sealing key
       is available (as created by journalctl(1)'s --setup-keys command),
       Forward Secure Sealing (FSS) for all persistent journal files is
       enabled. FSS is based on Seekable Sequential Key Generators[1] by
       G. A. Marson and B. Poettering (doi:10.1007/978-3-642-40203-6_7)
       and may be used to protect journal files from unnoticed alteration.

   SplitMode=
       Controls whether to split up journal files per user, either "uid"
       or "none". Split journal files are primarily useful for access
       control: on UNIX/Linux access control is managed per file, and the
       journal daemon will assign users read access to their journal
       files. If "uid", all regular users will each get their own journal
       files, and system users will log to the system journal. If "none",
       journal files are not split up by user and all messages are instead
       stored in the single system journal. In this mode unprivileged
       users generally do not have access to their own log data. Note that
       splitting up journal files by user is only available for journals
       stored persistently. If journals are stored on volatile storage
       (see Storage= above), only a single journal file is used. Defaults
       to "uid".

   RateLimitIntervalSec=, RateLimitBurst=
       Configures the rate limiting that is applied to all messages
       generated on the system. If, in the time interval defined by
       RateLimitIntervalSec=, more messages than specified in
       RateLimitBurst= are logged by a service, all further messages
       within the interval are dropped until the interval is over. A
       message about the number of dropped messages is generated. This
       rate limiting is applied per-service, so that two services which
       log do not interfere with each other's limits. Defaults to 1000
       messages in 30s. The time specification for RateLimitIntervalSec=
       may be specified in the following units: "s", "min", "h", "ms",
       "us". To turn off any kind of rate limiting, set either value to 0.

   SystemMaxUse=, SystemKeepFree=, SystemMaxFileSize=, SystemMaxFiles=,
   RuntimeMaxUse=, RuntimeKeepFree=, RuntimeMaxFileSize=, RuntimeMaxFiles=
       Enforce size limits on the journal files stored. The options
       prefixed with "System" apply to the journal files when stored on a
       persistent file system, more specifically /var/log/journal. The
       options prefixed with "Runtime" apply to the journal files when
       stored on a volatile in-memory file system, more specifically
       /run/log/journal. The former is used only when /var is mounted,
       writable, and the directory /var/log/journal exists. Otherwise,
       only the latter applies. Note that this means that during early
       boot and if the administrator disabled persistent logging, only the
       latter options apply, while the former apply if persistent logging
       is enabled and the system is fully booted up.  journalctl and
       systemd-journald ignore all files with names not ending with
       ".journal" or ".journal~", so only such files, located in the
       appropriate directories, are taken into account when calculating
       current disk usage.

       SystemMaxUse= and RuntimeMaxUse= control how much disk space the
       journal may use up at most.  SystemKeepFree= and RuntimeKeepFree=
       control how much disk space systemd-journald shall leave free for
       other uses.  systemd-journald will respect both limits and use the
       smaller of the two values.

       The first pair defaults to 10% and the second to 15% of the size of
       the respective file system, but each value is capped to 4G. If the
       file system is nearly full and either SystemKeepFree= or
       RuntimeKeepFree= are violated when systemd-journald is started, the
       limit will be raised to the percentage that is actually free. This
       means that if there was enough free space before and journal files
       were created, and subsequently something else causes the file
       system to fill up, journald will stop using more space, but it will
       not be removing existing files to reduce the footprint again,
       either.

       SystemMaxFileSize= and RuntimeMaxFileSize= control how large
       individual journal files may grow at most. This influences the
       granularity in which disk space is made available through rotation,
       i.e. deletion of historic data. Defaults to one eighth of the
       values configured with SystemMaxUse= and RuntimeMaxUse=, so that
       usually seven rotated journal files are kept as history.

       Specify values in bytes or use K, M, G, T, P, E as units for the
       specified sizes (equal to 1024, 1024, ... bytes). Note that size
       limits are enforced synchronously when journal files are extended,
       and no explicit rotation step triggered by time is needed.

       SystemMaxFiles= and RuntimeMaxFiles= control how many individual
       journal files to keep at most. Note that only archived files are
       deleted to reduce the number of files until this limit is reached;
       active files will stay around. This means that, in effect, there
       might still be more journal files around in total than this limit
       after a vacuuming operation is complete. This setting defaults to
       100.

   MaxFileSec=
       The maximum time to store entries in a single journal file before
       rotating to the next one. Normally, time-based rotation should not
       be required as size-based rotation with options such as
       SystemMaxFileSize= should be sufficient to ensure that journal
       files do not grow without bounds. However, to ensure that not too
       much data is lost at once when old journal files are deleted, it
       might make sense to change this value from the default of one
       month. Set to 0 to turn off this feature. This setting takes time
       values which may be suffixed with the units "year", "month",
       "week", "day", "h" or "m" to override the default time unit of
       seconds.

   MaxRetentionSec=
       The maximum time to store journal entries. This controls whether
       journal files containing entries older then the specified time span
       are deleted. Normally, time-based deletion of old journal files
       should not be required as size-based deletion with options such as
       SystemMaxUse= should be sufficient to ensure that journal files do
       not grow without bounds. However, to enforce data retention
       policies, it might make sense to change this value from the default
       of 0 (which turns off this feature). This setting also takes time
       values which may be suffixed with the units "year", "month",
       "week", "day", "h" or " m" to override the default time unit of
       seconds.

   SyncIntervalSec=
       The timeout before synchronizing journal files to disk. After
       syncing, journal files are placed in the OFFLINE state. Note that
       syncing is unconditionally done immediately after a log message of
       priority CRIT, ALERT or EMERG has been logged. This setting hence
       applies only to messages of the levels ERR, WARNING, NOTICE, INFO,
       DEBUG. The default timeout is 5 minutes.

   ForwardToSyslog=, ForwardToKMsg=, ForwardToConsole=, ForwardToWall=
       Control whether log messages received by the journal daemon shall
       be forwarded to a traditional syslog daemon, to the kernel log
       buffer (kmsg), to the system console, or sent as wall messages to
       all logged-in users. These options take boolean arguments. If
       forwarding to syslog is enabled but nothing reads messages from the
       socket, forwarding to syslog has no effect. By default, only
       forwarding to syslog and wall is enabled. These settings may be
       overridden at boot time with the kernel command line options
       "systemd.journald.forward_to_syslog",
       "systemd.journald.forward_to_kmsg",
       "systemd.journald.forward_to_console", and
       "systemd.journald.forward_to_wall". If the option name is specified
       without "=" and the following argument, true is assumed. Otherwise,
       the argument is parsed as a boolean. When forwarding to the
       console, the TTY to log to can be changed with TTYPath=, described
       below.

   MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=, MaxLevelConsole=,
   MaxLevelWall=
       Controls the maximum log level of messages that are stored on disk,
       forwarded to syslog, kmsg, the console or wall (if that is enabled,
       see above). As argument, takes one of "emerg", "alert", "crit",
       "err", "warning", "notice", "info", "debug", or integer values in
       the range of 0--7 (corresponding to the same levels). Messages equal
       or below the log level specified are stored/forwarded, messages
       above are dropped. Defaults to "debug" for MaxLevelStore= and
       MaxLevelSyslog=, to ensure that the all messages are written to
       disk and forwarded to syslog. Defaults to "notice" for
       MaxLevelKMsg=, "info" for MaxLevelConsole=, and "emerg" for
       MaxLevelWall=. These settings may be overridden at boot time with
       the kernel command line options
       "systemd.journald.max_level_store=",
       "systemd.journald.max_level_syslog=",
       "systemd.journald.max_level_kmsg=",
       "systemd.journald.max_level_console=",
       "systemd.journald.max_level_wall=".

   TTYPath=
       Change the console TTY to use if ForwardToConsole=yes is used.
       Defaults to /dev/console.

FORWARDING TO TRADITIONAL SYSLOG DAEMONS

   Journal events can be transferred to a different logging daemon in two
   different ways. With the first method, messages are immediately
   forwarded to a socket (/run/systemd/journal/syslog), where the
   traditional syslog daemon can read them. This method is controlled by
   the ForwardToSyslog= option. With a second method, a syslog daemon
   behaves like a normal journal client, and reads messages from the
   journal files, similarly to journalctl(1). With this, messages do not
   have to be read immediately, which allows a logging daemon which is
   only started late in boot to access all messages since the start of the
   system. In addition, full structured meta-data is available to it. This
   method of course is available only if the messages are stored in a
   journal file at all. So it will not work if Storage=none is set. It
   should be noted that usually the second method is used by syslog
   daemons, so the Storage= option, and not the ForwardToSyslog= option,
   is relevant for them.

SEE ALSO

   systemd(1), systemd-journald.service(8), journalctl(1),
   systemd.journal-fields(7), systemd-system.conf(5)

NOTES

    1. Seekable Sequential Key Generators
       https://eprint.iacr.org/2013/397





Opportunity


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.





Free Software


Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.


Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.





Free Books


The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.


Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.





Education


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.


Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.