systemd-journald.service, systemd-journald.socket, systemd-journald — Journal service
systemd-journald.service
systemd-journald.socket
/usr/lib/systemd/systemd-journald
systemd-journald is a
                system service that collects and stores logging
                data. It creates and maintains structured, indexed
                journals based on logging information that is received
                from the kernel, from user processes via the libc
                syslog(3)
                call, from STDOUT/STDERR of system services or via its
                native API. It will implicitly collect numerous meta
                data fields for each log messages in a secure and
                unfakeable way. See
                systemd.journal-fields(7)
                for more information about the collected meta data.
                
Log data collected by the journal is primarily text based but can also include binary data where necessary. All objects stored in the journal can be up to 2^64-1 bytes in size.
By default the journal stores log data in
                /run/log/journal/. Since
                /run/ is volatile log data is
                lost at reboot. To make the data persistent it
                is sufficient to create
                /var/log/journal/ where
                systemd-journald will then store
                the data.
systemd-journald will
                forward all received log messages to the AF_UNIX
                SOCK_DGRAM socket
                /run/systemd/journal/syslog (if it exists) which
                may be used by UNIX syslog daemons to process the data
                further.
See journald.conf(5) for information about the configuration of this service.
Request that journal
                                data from /run/
                                is flushed to
                                /var/ in order to
                                make it persistent (if this is
                                enabled). This must be used after
                                /var/ is mounted,
                                as otherwise log data from
                                /run is never
                                flushed to /var
                                regardless of the
                                configuration.
Request immediate rotation of the journal files.
A few configuration parameters from
                journald.conf may be overridden on
                the kernel command line:
systemd.journald.forward_to_syslog=, systemd.journald.forward_to_kmsg=, systemd.journald.forward_to_console=¶Enables/disables forwarding of collected log messages to syslog, the kernel log buffer or the system console.
See journald.conf(5) for information about these settings.
Journal files are by default owned and readable
                by the systemd-journal system group
                (but not writable). Adding a user to this group thus
                enables her/him to read the journal files.
By default, each logged in user will get her/his
                own set of journal files in
                /var/log/journal/. These files
                will not be owned by the user however, in order to
                avoid that the user can write to them
                directly. Instead, file system ACLs are used to ensure
                the user gets read access only.
Additional users and groups may be granted
                access to journal files via file system access control
                lists (ACL). Distributions and administrators may
                choose to grant read access to all members of the
                wheel and adm
                system groups with a command such as the
                following:
# setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/
Note that this command will update the ACLs both
                for existing journal files and for future journal
                files created in the
                /var/log/journal/
                directory.