Even if systemd works well with the default configuration, it needs to be configured on some system so that logs don't fill the disk, ...
On most of my systems I'm using syslog-ng to manage my log files. This
interfaces quite well with journald as the only thing you need to do to make it
work is to use these sources in /etc/syslog-ng/syslog-ng.conf
:
source src { unix-dgram("/run/systemd/journal/syslog"); internal(); file("/proc/kmsg"); };
Once this is done, you no longer need persistent storage to /var/log/journal.
Instead of deleting this directory or making it a tmpfs, the right way to
disable persistent storage is to set this into /etc/systemd/journald.conf
:
Storage=volatile ForwardToSyslog=yes ForwardToKMsg=no ForwardToConsole=no
More information can be found in the man page: http://www.freedesktop.org/software/systemd/man/journald.conf.html
If you use persistent storage, you may want to rotate logs every 3 months for
example. This option in /etc/systemd/journald.conf
tells journald to do
this:
MaxRetentionSec=3month
journald can listen to the audit socket for events. Even if that could be
useful without auditd
service, it can spam the logs when using software
such as Chrome (https://bugs.chromium.org/p/chromium/issues/detail?id=456535
has been opened for more than a year) and it does not honour auditctl
configuration such as:
auditctl -a never,exit -F arch=b64 -S set_robust_list -F path=/usr/lib/chromium/chromium -F key=bug456535
(This line without auditctl
can be put in
/etc/audit/rules.d/chromium.rules
so that augenrules --load
loads this
at every boot).
To disable this journald feature, the easier way consists in masking the audit socket (cf. systemd/systemd#959 (comment)):
systemctl mask systemd-journald-audit.socket
On a workstation, it can be quite convenient to read the journal directly from ttys above 7 (tty1-6 being consoles and tty7 the X Window session, for example).
With syslog-ng, the configuration is quite straightforward:
source src { system(); }; destination d_tty9 { file("/dev/tty9" owner(-1) group(-1) perm(-1)); }; destination d_tty10 { file("/dev/tty10" owner(-1) group(-1) perm(-1)); }; destination d_tty11 { file("/dev/tty11" owner(-1) group(-1) perm(-1)); }; destination console_all { file("/dev/tty12" owner(-1) group(-1) perm(-1)); }; filter f_authpriv { facility(auth, authpriv); }; filter f_daemon { facility(daemon); }; filter f_kernel { facility(kern); }; log { source(src); filter(f_authpriv); destination(d_tty9); }; log { source(src); filter(f_daemon); destination(d_tty10); }; log { source(src); filter(f_kernel); destination(d_tty11); }; log { source(src); destination(console_all); };
It is also possible to send emergency messages to everyone logged in:
source s_src { system(); internal(); }; destination du_all { usertty("*"); }; filter f_emerg { level(emerg); }; log { source(s_src); filter(f_emerg); destination(du_all); };
With journald, the only "natively" available feature is logging to a tty, with
something like this in /etc/systemd/journald.conf
:
ForwardToConsole=yes TTYPath=/dev/tty12 MaxLevelConsole=info
The other filters can be implemented with services. Here are some files.
/etc/systemd/system/[email protected]
:
[Unit] Description=Show journal on %I After=systemd-journald.service ConditionPathExists=/dev/%I [Service] Type=idle StandardOutput=tty TTYPath=/dev/%I TTYReset=yes TTYVHangup=yes [Install] WantedBy=multi-user.target
/etc/systemd/system/[email protected]
:
.include /etc/systemd/system/[email protected] [Unit] Description=Show journal on %I (auth) [Service] # Facilities: 4 = LOG_AUTH, 10 = LOG_AUTHPRIV ExecStart=/usr/bin/journalctl -b -n50 SYSLOG_FACILITY=4 SYSLOG_FACILITY=10
/etc/systemd/system/[email protected]
:
.include /etc/systemd/system/[email protected] [Unit] Description=Show journal on %I (daemon) [Service] # Facility codes: # 2 = LOG_MAIL # 3 = LOG_DAEMON # 5 = LOG_SYSLOG # 6 = LOG_LPR # 7 = LOG_NEWS # 8 = LOG_UUCP # 9 = LOG_CRON # 11 = LOG_FTP # # Not selected: # 0 = LOG_KERN # 1 = LOG_USER # 4 = LOG_AUTH # 10 = LOG_AUTHPRIV # 16..23 = LOG_LOCAL0..7 # # Source: /usr/include/sys/syslog.h # in glibc: https://sourceware.org/git/?p=glibc.git;a=blob;f=misc/sys/syslog.h;hb=HEAD ExecStart=/usr/bin/journalctl -b -n50 \ SYSLOG_FACILITY=2 SYSLOG_FACILITY=3 SYSLOG_FACILITY=5 SYSLOG_FACILITY=6 \ SYSLOG_FACILITY=7 SYSLOG_FACILITY=8 SYSLOG_FACILITY=9 SYSLOG_FACILITY=11
/etc/systemd/system/[email protected]
:
.include /etc/systemd/system/[email protected] [Unit] Description=Show journal on %I (kernel) [Service] # --dmesg implies -b and _TRANSPORT=kernel ExecStart=/usr/bin/journalctl -b -f -n 50 --dmesg ``/etc/systemd/system/[email protected]``:: .include /etc/systemd/system/[email protected] [Unit] Description=Show journal on %I (everything) [Service] ExecStart=/usr/bin/journalctl -b -f -n 50
With such commands, it is also possible to pipe journalctl
output to
ccze
(if installed) to colorize the logs.
systemd doesn't rely on a cron daemon to run periodic tasks but uses its own system with calendar time events. ArchLinux provides on its wiki some config files to replace common cron scripts: https://wiki.archlinux.org/index.php/Systemd/cron_functionality
Since April 2014 the timers are included and enabled by default, with timer
files in /usr/lib/systemd/system
and symlinks in
/usr/lib/systemd/system/multi-user.target.wants/
. To disable some timers
which do many disk writes, an overriding unit needs to be created.
/etc/systemd/system/disabled-timer.service
:
[Unit] Description=Unit to be able to disable timers [Service] Type=oneshot ExecStart=/usr/bin/true
/etc/systemd/system/updatedb.timer
:
[Unit] Description=Disabled locate database update [Timer] #OnCalendar=daily #Persistent=true #OnBootSec=10min #OnUnitActiveSec=1d OnCalendar=monthly Unit=disabled-timer.service
Another way may consist in masking the service units, but it did not work well back in spring 2014:
$ systemctl mask updatedb Created symlink from /etc/systemd/system/updatedb.service to /dev/null.
To automatically create a bridge interface which can be used for example to bridge together several virtual machines, here is a systemd-networkd configuration.
/etc/systemd/network/VMBridge.netdev
:
[NetDev] Name=br0 Kind=bridge
/etc/systemd/network/br0.network
:
[Match] Name=br0 [Network] IPForward=yes [Address] Address=198.51.100.0/24