systemd-journald.service, systemd-journald.socket, systemd-journald-dev-log.socket, systemd-journald — Journal service
systemd-journald is a system service
that collects and stores logging data. It creates and maintains
structured, indexed journals based on logging information that is
received from a variety of sources:
The daemon will implicitly collect numerous metadata fields for each log messages in a secure and unfakeable way. See systemd.journal-fields(7) for more information about the collected metadata.
Log data collected by the journal is primarily text-based but can also include binary data where necessary. All objects stored in the journal can be up to 2^64-1 bytes in size.
By default, the journal stores log data in
/run/ is volatile, log data is lost at
reboot. To make the data persistent, it is sufficient to create
systemd-journald will then store the
mkdir -p /var/log/journal systemd-tmpfiles --create --prefix /var/log/journal
systemd-journald will forward all
received log messages to the
/run/systemd/journal/syslog, if it
exists, which may be used by Unix syslog daemons to process the
See journald.conf(5) for information about the configuration of this service.
Request that journal data from
/run/ is flushed to
/var/ in order to make it persistent (if
this is enabled). This must be used after
/var/ is mounted, as otherwise log data
/run is never flushed to
/var regardless of the
Request immediate rotation of the journal files.
A few configuration parameters from
journald.conf may be overridden on the kernel
Enables/disables forwarding of collected log messages to syslog, the kernel log buffer, the system console or wall.
See journald.conf(5) for information about these settings.
Journal files are, by default, owned and readable by the
systemd-journal" system group but are not
writable. Adding a user to this group thus enables her/him to read
the journal files.
By default, each logged in user will get her/his own set of
journal files in
files will not be owned by the user, however, in order to avoid
that the user can write to them directly. Instead, file system
ACLs are used to ensure the user gets read access only.
Additional users and groups may be granted access to journal
files via file system access control lists (ACL). Distributions
and administrators may choose to grant read access to all members
of the "
wheel" and "
groups with a command such as the following:
# setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/
Note that this command will update the ACLs both for
existing journal files and for future journal files created in the
Configure systemd-journald behavior. See journald.conf(5).
entries to files in
with the "
.journal" suffix. If the daemon is
stopped uncleanly, or if the files are found to be corrupted,
they are renamed using the "
suffix, and systemd-journald starts writing
to a new file.
/run is used when
/var/log/journal is not available, or
Storage=volatile is set in the