systemd-journald.service, systemd-journald.socket, systemd-journald-dev-log.socket, systemd-journald — Journal service
systemd-journald is a
system service that collects and stores logging data.
It creates and maintains structured, indexed journals
based on logging information that is received from the
kernel, from user processes via the libc
call, from standard input and standard error of system
services or via its native API. It will implicitly
collect numerous metadata fields for each log
messages in a secure and unfakeable way. See
for more information about the collected metadata.
Log data collected by the journal is primarily text-based but can also include binary data where necessary. All objects stored in the journal can be up to 2^64-1 bytes in size.
By default, the journal stores log data in
/run/ is volatile, log data is
lost at reboot. To make the data persistent, it
is sufficient to create
systemd-journald will then store
forward all received log messages to the
/run/systemd/journal/syslog, if it exists, which
may be used by Unix syslog daemons to process the data
See journald.conf(5) for information about the configuration of this service.
Request that journal
is flushed to
/var/ in order to
make it persistent (if this is
enabled). This must be used after
/var/ is mounted,
as otherwise log data from
/run is never
regardless of the
Request immediate rotation of the journal files.
A few configuration parameters from
journald.conf may be overridden on
the kernel command line:
Enables/disables forwarding of collected log messages to syslog, the kernel log buffer, the system console or wall.
See journald.conf(5) for information about these settings.
Journal files are, by default, owned and readable
by the "
systemd-journal" system group
but are not writable. Adding a user to this group thus
enables her/him to read the journal files.
By default, each logged in user will get her/his
own set of journal files in
/var/log/journal/. These files
will not be owned by the user, however, in order to
avoid that the user can write to them
directly. Instead, file system ACLs are used to ensure
the user gets read access only.
Additional users and groups may be granted
access to journal files via file system access control
lists (ACL). Distributions and administrators may
choose to grant read access to all members of the
wheel" and "
system groups with a command such as the
# setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/
Note that this command will update the ACLs both
for existing journal files and for future journal
files created in the
Configure systemd-journald behaviour. See journald.conf(5).
writes entries to files in
with the "
suffix. If the daemon is stopped
uncleanly, or if the files are found
to be corrupted, they are renamed
using the "
starts writing to a new
is not available, or when
set in the