Journalctl. What kind of journald setting is more correct?
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Journalctl. What kind of journald setting is more correct?
journald allows you to configure yourself through a configuration file or command line.
Configuration file:
SystemMaxUse = - the maximum amount that logs can occupy on the disk;
SystemKeepFree = - the amount of free space that should remain on the disk after saving logs;
SystemMaxFileSize = - the size of the log file upon which it should be removed from the disk;
RuntimeMaxUse = - the maximum amount that logs can occupy in the file system / run;
RuntimeKeepFree = - the amount of free space that must remain in the file system / run after saving logs;
RuntimeMaxFileSize = - the size of the log file upon which it should be removed from the file system / run.
By default, the journal stores log data in /run/log/journal/. Since /run/ is volatile, log data is lost at reboot. To make the data persistent, it is sufficient to create
/var/log/journal/ where systemd-journald will then store the data:
See journald.conf(5) for information about the configuration of this service.
and 'man journald.conf'
Quote:
All options are configured in the "[Journal]" section:
Storage=
Controls where to store journal data. One of "volatile", "persistent", "auto" and "none". If "volatile", journal log data will be stored only in memory, i.e. below the
/run/log/journal hierarchy (which is created if needed). If "persistent", data will be stored preferably on disk, i.e. below the /var/log/journal hierarchy (which is created
if needed), with a fallback to /run/log/journal (which is created if needed), during early boot and if the disk is not writable. "auto" is similar to "persistent" but the
directory /var/log/journal is not created if needed, so that its existence controls where log data goes. "none" turns off all storage, all log data received will be dropped.
Forwarding to other targets, such as the console, the kernel log buffer, or a syslog socket will still work however. Defaults to "auto".
To expand on that, I can run journalctl as a regular user, but some reporting requires me to be root (eg run via sudo), or a member of the 'systemd-journal' group.
From 'man journalctl'...
Quote:
The set of journal files which will be used can be modified using the --user, --system, --directory, and --file options, see below.
All users are granted access to their private per-user journals. However, by default, only root and users who are members of a few special groups are granted access to the system
journal and the journals of other users. Members of the groups "systemd-journal", "adm", and "wheel" can read all journal files. Note that the two latter groups traditionally have
additional privileges specified by the distribution. Members of the "wheel" group can often perform administrative tasks.
For example, if I do 'journal -b' as user, I can only see my user log...
Code:
~> journalctl -b
Hint: You are currently not seeing messages from other users and the system.
Users in the 'systemd-journal' group can see all messages. Pass -q to
turn off this notice.
-- Logs begin at Mon 2018-07-23 18:10:40 NZST, end at Mon 2018-07-23 18:25:25 NZST. --
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Timers.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Starting D-Bus User Message Bus Socket.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Paths.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Listening on D-Bus User Message Bus Socket.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Sockets.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Basic System.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Default.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Startup finished in 53ms.
Jul 23 18:12:21 linux-kgxs sddm-helper[1242]: Adding cookie to "/home/dean/.local/share/sddm/.Xauthority"
Jul 23 18:12:21 linux-kgxs systemd[1236]: Started D-Bus User Message Bus.
.
.
.
For example, if I do 'journal -b' as user, I can only see my user log...
Code:
~> journalctl -b
Hint: You are currently not seeing messages from other users and the system.
Users in the 'systemd-journal' group can see all messages. Pass -q to
turn off this notice.
-- Logs begin at Mon 2018-07-23 18:10:40 NZST, end at Mon 2018-07-23 18:25:25 NZST. --
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Timers.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Starting D-Bus User Message Bus Socket.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Paths.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Listening on D-Bus User Message Bus Socket.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Sockets.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Basic System.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Reached target Default.
Jul 23 18:12:21 linux-kgxs systemd[1236]: Startup finished in 53ms.
Jul 23 18:12:21 linux-kgxs sddm-helper[1242]: Adding cookie to "/home/dean/.local/share/sddm/.Xauthority"
Jul 23 18:12:21 linux-kgxs systemd[1236]: Started D-Bus User Message Bus.
.
.
.
But the user can download the entire log from the server. Can he completely view it on another computer?
-D DIR, --directory=DIR
Takes a directory path as argument. If specified, journalctl will operate on the specified journal directory
DIR instead of the default runtime and system journal paths.
--file=GLOB
Takes a file glob as an argument. If specified, journalctl will operate on the specified journal files
matching GLOB instead of the default runtime and system journal paths. May be specified multiple times, in
which case files will be suitably interleaved.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.