On CentOS 7, you have to enable the persistent storage of log messages:
# mkdir /var/log/journal # systemd-tmpfiles --create --prefix /var/log/journal # systemctl restart systemd-journald
Otherwise, the journal log messages are not retained between boots.
journald retains log messages from previous boots is configured via
/etc/systemd/journald.conf. The default setting under CentOS 7 is:
Where the journald.conf man page explains
One of “volatile”, “persistent”, “auto” and “none”. If “volatile”, journal log data will be stored only in memory, i.e. below the /run/log/journal hierarchy (which is created if needed). If “persistent”, data will be stored preferably on disk, i.e. below the /var/log/journal hierarchy (which is created if needed), with a fallback to /run/log/journal (which is created if needed), during early boot and if the disk is not writable. “auto” is similar to “persistent” but the directory /var/log/journal is not created if needed, so that its existence controls where log data goes.
The systemd-journald.service man page thus states that:
By default, the journal stores log data in /run/log/journal/. Since /run/ is volatile, log data is lost at reboot. To make the data persistent, it is sufficient to create /var/log/journal/ where systemd-journald will then store the data.
Apparently, the default was changed in Fedora 19 (to persitent storage) and since CentOS 7 is derived from Fedora 18 – it is still non-persisent there, by default. Persistency is implemented by default outside of journald via
/var/log/messages and the rotated versions
/var/log/messages-YYYYMMDD which are written by rsyslogd (which runs by default and gets its input from journald).
Thus, to enable persistent logging with journald under RHEL/CentOS 7 one has to
# mkdir /var/log/journal
and then fix permissions and restart journald, e.g. via
# systemd-tmpfiles --create --prefix /var/log/journal # systemctl restart systemd-journald
systemctl restart systemd-journald
You can lose your logs: see https://github.com/systemd/systemd/issues/2236
There is a change in
systemd-journald will no longer adjust the group of journal files it creates to the “systemd-journal” group. Instead we rely on the journal directory to be owned by the “systemd-journal” group, and its setgid bit set, so that the kernel file system layer will automatically enforce that journal files inherit this group assignment.
A tmpfiles.d(5) snippet included in systemd will make sure the setgid bit and group are properly set on the journal directory if it exists on every boot.
So, you should run something like
systemd-tmpfiles --create --prefix /var/log/journal after
- Bug: users from the group
systemd-journalcouldn’t read some journal files