6 System Logging

systemd has its own logging system called the journal. The journal is handled by the systemd-journald service unit. Although it's possible to run another system logging service, it's not necessary as the systemd journal provides a complete system logging service that can be used to audit and review activity on the system.

The systemd journal stores log data in a binary format, making it more efficient than traditional text-based logging systems. The journal conforms to standard syslog severity codes or priorities to mark the importance of a message, and syslog facilities to describe the subsystems and services that generate messages as defined in RFC 5424. See the systemd-journald.service(8) manual page for more information.

Journal configuration is controlled by editing the /etc/systemd/journald.conf file. The preferred approach to updating journal configuration is to use systemd drop-in configuration to make changes. See Adding Persistent Journal Storage for an example of creating a drop-in configuration file. Also see the journald.conf(5) manual page for more information about configuration options.

Use journalctl to view and manage system logs. journalctl is a utility used to query and display log messages from the systemd journal. See Viewing and Filtering Log Messages for more information. You can also use journalctl to manage certain journal runtime behavior. For example, you can use the --disk-usage option to view how much disk space the journal is using. You can also use the --rotate option to force log rotation, and the --vacuum-size or --vacuum-time option to limit how much data is stored in the rotated journal files. See the journalctl(1) manual page for more information.
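The severity and facility codes described above appear in each journal record as the PRIORITY and SYSLOG_FACILITY fields. The following is an added example, not part of the original documentation: it decodes records in the one-object-per-line form that journalctl -o json prints and selects auth/authpriv messages at warning or more severe. The sample records, unit names and function names are constructed for illustration.

```python
import json
from collections import Counter

# RFC 5424 severity names, indexed by numeric code (journal field PRIORITY).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# RFC 5424 facility names for codes 0-11 and 16-23 (journal field SYSLOG_FACILITY).
# Codes 12-15 are not mapped here and are reported as their number.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
              **{16 + n: f"local{n}" for n in range(8)}}

def decode(line):
    """Turn one `journalctl -o json` line into a small dict with decoded names."""
    rec = json.loads(line)
    # The JSON export carries field values as strings; either field may be absent.
    sev = int(rec["PRIORITY"]) if "PRIORITY" in rec else None
    fac = int(rec["SYSLOG_FACILITY"]) if "SYSLOG_FACILITY" in rec else None
    msg = rec.get("MESSAGE", "")
    if isinstance(msg, list):  # non-UTF-8 payloads are exported as byte arrays
        msg = bytes(msg).decode("utf-8", "replace")
    return {
        "severity": SEVERITIES[sev] if sev is not None and 0 <= sev <= 7 else None,
        "facility": FACILITIES.get(fac, str(fac)) if fac is not None else None,
        # RFC 5424 PRI value: facility * 8 + severity
        "pri": fac * 8 + sev if sev is not None and fac is not None else None,
        "unit": rec.get("_SYSTEMD_UNIT"),
        "message": msg,
    }

def auth_alerts(lines, max_severity=4):
    """Records from auth/authpriv at max_severity or more severe (lower number)."""
    wanted = SEVERITIES[:max_severity + 1]
    decoded = (decode(line) for line in lines)
    return [r for r in decoded
            if r["facility"] in ("auth", "authpriv") and r["severity"] in wanted]

# Constructed sample records (not captured from a real host).
SAMPLE = [
    '{"PRIORITY":"6","SYSLOG_FACILITY":"3","_SYSTEMD_UNIT":"crond.service","MESSAGE":"started"}',
    '{"PRIORITY":"3","SYSLOG_FACILITY":"10","_SYSTEMD_UNIT":"sshd.service","MESSAGE":"authentication failure (constructed)"}',
    '{"PRIORITY":"5","SYSLOG_FACILITY":"10","_SYSTEMD_UNIT":"sshd.service","MESSAGE":[111,107]}',
    '{"_SYSTEMD_UNIT":"app.service","MESSAGE":"no priority set"}',
]

if __name__ == "__main__":
    print(Counter(decode(line)["severity"] for line in SAMPLE))
    for rec in auth_alerts(SAMPLE):
        print(rec["pri"], rec["unit"], rec["message"])
```

On a live system the same functions can be fed the lines of journalctl -o json output in place of SAMPLE.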