Journalctl. What kind of journald setting is more correct?

alekseev · 07-22-2018, 11:30 PM

journald allows you to configure yourself through a configuration file or command line.

Configuration file:
SystemMaxUse = - the maximum amount that logs can occupy on the disk;
SystemKeepFree = - the amount of free space that should remain on the disk after saving logs;
SystemMaxFileSize = - the size of the log file upon which it should be removed from the disk;
RuntimeMaxUse = - the maximum amount that logs can occupy in the file system / run;
RuntimeKeepFree = - the amount of free space that must remain in the file system / run after saving logs;
RuntimeMaxFileSize = - the size of the log file upon which it should be removed from the file system / run.

Command line:
journalctl --vacuum-size = 1G
journalctl --vacuum-time = 1years

Which option is more correct in view of saving the settings after rebooting or shutting down?

ferrari · 07-22-2018, 11:43 PM

From 'man systemd-journald'...

Quote:

By default, the journal stores log data in /run/log/journal/. Since /run/ is volatile, log data is lost at reboot. To make the data persistent, it is sufficient to create
/var/log/journal/ where systemd-journald will then store the data:

mkdir -p /var/log/journal
systemd-tmpfiles --create --prefix /var/log/journal

See journald.conf(5) for information about the configuration of this service.

and 'man journald.conf'

Quote:

All options are configured in the "[Journal]" section:

Storage=
Controls where to store journal data. One of "volatile", "persistent", "auto" and "none". If "volatile", journal log data will be stored only in memory, i.e. below the
/run/log/journal hierarchy (which is created if needed). If "persistent", data will be stored preferably on disk, i.e. below the /var/log/journal hierarchy (which is created
if needed), with a fallback to /run/log/journal (which is created if needed), during early boot and if the disk is not writable. "auto" is similar to "persistent" but the
directory /var/log/journal is not created if needed, so that its existence controls where log data goes. "none" turns off all storage, all log data received will be dropped.
Forwarding to other targets, such as the console, the kernel log buffer, or a syslog socket will still work however. Defaults to "auto".

alekseev · 07-23-2018, 12:14 AM

What privileges should I give /var/log/journal?

syg00 · 07-23-2018, 12:16 AM

Just create it as root - systemd will change it as needed.

As for your initial question, use the config file - the vaccuum options are probably for when you find you have to release some space in a hurry.

syg00 · 07-23-2018, 12:24 AM

Might not be worth worrying about - this laptop has journals since late May 2015, and totals 1.8 Gig. With the size of disks these days, who cares .

alekseev · 07-23-2018, 01:00 AM

1.8 GB and if the server. Should I give the log 5-10 Gb?

alekseev · 07-23-2018, 01:02 AM

Quote:

Originally Posted by syg00

Just create it as root - systemd will change it as needed.

As for your initial question, use the config file - the vaccuum options are probably for when you find you have to release some space in a hurry.

Do I give the folder access only to root?

ferrari · 07-23-2018, 01:12 AM

If you create it as root, systemd-journald will re-apply the correct group itself next boot...

Code:

# ls -l /var/log/journal
total 4
drwxr-sr-x 2 root systemd-journal 4096 Jul 23 17:37 a0848146a8854c519ce698d28901e824

alekseev · 07-23-2018, 01:14 AM

Quote:

Originally Posted by ferrari

If you create it as root, it will re-apply the correct group itself next boot...

Code:

# ls -l /var/log/journal
total 4
drwxr-sr-x 2 root systemd-journal 4096 Jul 23 17:37 a0848146a8854c519ce698d28901e824

Is it safe for the server to open access to read logs for all users?

ferrari · 07-23-2018, 01:19 AM

Usually, the administrator would make those that need journal access members of the appropriate group.

alekseev · 07-23-2018, 01:21 AM

Quote:

Originally Posted by ferrari

Usually, the administrator would make those that need journal access members of the appropriate group.

It turns out, access to the log should be at the root and a certain group?

ferrari · 07-23-2018, 01:27 AM

To expand on that, I can run journalctl as a regular user, but some reporting requires me to be root (eg run via sudo), or a member of the 'systemd-journal' group.

From 'man journalctl'...

Quote:

The set of journal files which will be used can be modified using the --user, --system, --directory, and --file options, see below.

All users are granted access to their private per-user journals. However, by default, only root and users who are members of a few special groups are granted access to the system
journal and the journals of other users. Members of the groups "systemd-journal", "adm", and "wheel" can read all journal files. Note that the two latter groups traditionally have
additional privileges specified by the distribution. Members of the "wheel" group can often perform administrative tasks.

ferrari · 07-23-2018, 01:29 AM

For example, if I do 'journal -b' as user, I can only see my user log...

Code:

~> journalctl -b
Hint: You are currently not seeing messages from other users and the system.
      Users in the 'systemd-journal' group can see all messages. Pass -q to
      turn off this notice.
-- Logs begin at Mon 2018-07-23 18:10:40 NZST, end at Mon 2018-07-23 18:25:25 NZST. --
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Timers.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Starting D-Bus User Message Bus Socket.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Paths.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Listening on D-Bus User Message Bus Socket.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Sockets.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Basic System.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Default.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Startup finished in 53ms.
Jul 23 18:12:21 linux-kgxs sddm-helper[1242]: Adding cookie to "/home/dean/.local/share/sddm/.Xauthority"
Jul 23 18:12:21 linux-kgxs systemd[1236]: Started D-Bus User Message Bus.
.
.
.

alekseev · 07-23-2018, 01:38 AM

Quote:

Originally Posted by ferrari

For example, if I do 'journal -b' as user, I can only see my user log...

Code:

~> journalctl -b
Hint: You are currently not seeing messages from other users and the system.
      Users in the 'systemd-journal' group can see all messages. Pass -q to
      turn off this notice.
-- Logs begin at Mon 2018-07-23 18:10:40 NZST, end at Mon 2018-07-23 18:25:25 NZST. --
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Timers.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Starting D-Bus User Message Bus Socket.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Paths.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Listening on D-Bus User Message Bus Socket.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Sockets.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Basic System.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Default.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Startup finished in 53ms.
Jul 23 18:12:21 linux-kgxs sddm-helper[1242]: Adding cookie to "/home/dean/.local/share/sddm/.Xauthority"
Jul 23 18:12:21 linux-kgxs systemd[1236]: Started D-Bus User Message Bus.
.
.
.

But the user can download the entire log from the server. Can he completely view it on another computer?

ferrari · 07-23-2018, 02:50 AM

Yes, that can be done eg

Code:

# journal --file journalctl --file /path/to/another/system.journal

Read the man page for journalctl...

Quote:

-D DIR, --directory=DIR
Takes a directory path as argument. If specified, journalctl will operate on the specified journal directory
DIR instead of the default runtime and system journal paths.

--file=GLOB
Takes a file glob as an argument. If specified, journalctl will operate on the specified journal files
matching GLOB instead of the default runtime and system journal paths. May be specified multiple times, in
which case files will be suitably interleaved.