Join Log in
Score:-1
avatar Ubuntu

On Ubuntu 18.04, how is `/var/log/journal` created?

ao flag
yaobin

On my Ubuntu 18.04, I see /var/log/journal is created but I can't figure out what created it in the first place. Could somebody help me? I'll provide more details below.

This is not an XY problem. I'm asking this question for pure curiosity in order to understand systemd or Ubuntu better.

What I have learned

By reading systemd-journald.service(8) and journald.conf(5), I learned that:

  • If Storage=persistent in /etc/systemd/journald.conf, /var/log/journal is created automatically.
  • If Storage=auto in /etc/systemd/journald.conf, /var/log/journal is not created automatically if it doesn't exist. But if the system admin creates /var/log/journal, systemd-journald will write logs into it. Otherwise, it falls back to using /run/log/journal.

On my Ubuntu 18.04, my /etc/systemd/journald.conf uses all the default values:

# Entries in this file show the compile time defaults.                                                                  
# You can change settings by editing this file.                                                                         
# Defaults can be restored by simply deleting this file.                                                                
#                                                                                                                       
# See journald.conf(5) for details.                                                                                     
                                                                                                                        
[Journal]                                                                                                               
#Storage=auto                                                                                                           
#Compress=yes                                                                                                           
#Seal=yes                                                                                                               
#SplitMode=uid                                                                                                          
#SyncIntervalSec=5m                                                                                                     
#RateLimitIntervalSec=30s                                                                                               
#RateLimitBurst=1000                                                                                                    
#SystemMaxUse=                                                                                                          
#SystemKeepFree=                                                                                                        
#SystemMaxFileSize=                                                                                                     
#SystemMaxFiles=100                                                                                                     
#RuntimeMaxUse=                                                                                                         
#RuntimeKeepFree=                                                                                                       
#RuntimeMaxFileSize=                                                                                                    
#RuntimeMaxFiles=100                                                                                                    
#MaxRetentionSec=                                                                                                       
#MaxFileSec=1month                                                                                                      
#ForwardToSyslog=yes                                                                                                    
#ForwardToKMsg=no                                                                                                       
#ForwardToConsole=no                                                                                                    
#ForwardToWall=yes                                                                                                      
#TTYPath=/dev/console                                                                                                   
#MaxLevelStore=debug                                                                                                    
#MaxLevelSyslog=debug                                                                                                   
#MaxLevelKMsg=notice                                                                                                    
#MaxLevelConsole=info                                                                                                   
#MaxLevelWall=emerg                                                                                                     
#LineMax=48K

In other words, I'm using Storage=auto on my system.

I also learned from systemd-tmpfiles(8) and tmpfiles.d(5) that systemd-tmpfiles creates, deletes, and cleans up volatile and temporary files and directories, based on the configuration file format and location specified in tmpfiles.d(5).

So I examined the tmpfiles.d(5) folders and I only found configuration files under /usr/lib/tmpfiles.d that modify the attributes of /var/log/journal, as shown in the following grep output:

/usr/lib/tmpfiles.d$ grep journal *.conf
journal-nocow.conf:# Set the NOCOW attribute for directories of journal files. This flag
journal-nocow.conf:# WARNING: Enabling the NOCOW attribute improves journal performance
journal-nocow.conf:# enabling the NOCOW attribute for journal files is safe, because
journal-nocow.conf:h /var/log/journal - - - - +C
journal-nocow.conf:h /var/log/journal/%m - - - - +C
journal-nocow.conf:h /var/log/journal/remote - - - - +C
systemd.conf:z /run/log/journal 2755 root systemd-journal - -
systemd.conf:Z /run/log/journal/%m ~2750 root systemd-journal - -
systemd.conf:a+ /run/log/journal/%m - - - - d:group:adm:r-x
systemd.conf:a+ /run/log/journal/%m - - - - group:adm:r-x
systemd.conf:a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--
systemd.conf:z /var/log/journal 2755 root systemd-journal - -
systemd.conf:z /var/log/journal/%m 2755 root systemd-journal - -
systemd.conf:z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
systemd.conf:a+ /var/log/journal    - - - - d:group::r-x,d:group:adm:r-x
systemd.conf:a+ /var/log/journal    - - - - group::r-x,group:adm:r-x
systemd.conf:a+ /var/log/journal/%m - - - - d:group:adm:r-x
systemd.conf:a+ /var/log/journal/%m - - - - group:adm:r-x
systemd.conf:a+ /var/log/journal/%m/system.journal - - - - group:adm:r--

But by reading the meanings of h, z, Z, and a+, none of them seem to create the folder /var/log/journal. All of them seem to only modify the attributes of /var/log/journal.

I did a test in which I deleted the folder /var/log/journal and rebooted my computer. Then I saw /var/log/journal was not re-created (which was expected because of Storage=auto on my machine). Instead, /run/log/journal was created (as expected).

What created /var/log/journal?

455
1 + 7
David avatar
cn flag
David
I do not recommend the following unless you do not care if you have to reinstall. With a running machine and a few programs open power off with the power switch. On restart there should be a message a journal is being created.
0
Reply
Esther avatar
es flag
Esther
@David why does this happen? I would love to know and also that would make a great answer to this question.
0
Reply
David avatar
cn flag
David
@Esther Why does what happen? If you mean what I suggested to the OP, have you tested it?
0
Reply
Esther avatar
es flag
Esther
I mean why does a system create /var/log/journal only when it was force-shutdown, even if it usually uses /run/log/journal ?
0
Reply
ao flag
yaobin
@David Thanks for your comment, David. I'm more interested in "what" creates the folder than "how" to create the folder. If it is created by some executable application or script, what is this application or script and where is it located on the computer? If it is created by some configuration, where is this configuration file?
0
Reply
David avatar
cn flag
David
That is beyond me or any one on this site I imagine. That is a question for the large team that created Ubuntu.
0
Reply
ao flag
yaobin
@Esther and @David: You can take a look at the accepted answer, especially the part about the `postinst` script.
0
Reply
Score:1
Andrew Lowther avatar Ubuntu
jp flag
Andrew Lowther

My answer will focus on why a fresh install of Ubuntu Server 22.04 contains a /var/log/journal directory. Other systems may vary.

Q. Why does a fresh install of Ubuntu Server 22.04 contain /var/log/journal?

A. The root filesystem image used by the installer contains a /var/log/journal file. The installer essentially copies an embedded image to the target system during installation. Files and directories contained in the image will be copied to the target system.

The image used by the installer is similar to the ones available in cloud-images. These commands show that the image contains the /var/log/journal directory. This results in the installed system also containing the directory.

root@ubuntu-server:~# wget --quiet https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64-root.tar.xz
root@ubuntu-server:~# tar tvf jammy-server-cloudimg-amd64-root.tar.xz | grep var/log/journal
drwxr-sr-x root/systemd-timesync    0 2022-10-19 01:04 var/log/journal/

Q. Why does the image contain /var/log/journal?

A. The image contains the package systemd. When the systemd package is installed it will create the /var/log/journal directory in its postinst script.

From the source

# Enable persistent journal, in auto-mode, by default on new installs installs and upgrades
if dpkg --compare-versions "$2" lt "235-3ubuntu3~"; then
    mkdir -p /var/log/journal
    # create tmpfiles only when running systemd, otherwise %b substitution fails
    if [ -d /run/systemd/system ]; then
        systemd-tmpfiles --create --prefix /var/log/journal
    fi
fi

Q. Why does the systemd package create /var/log/journal?

A. Somebody filed a bug report requesting it.

Please create /var/log/journal, to enable persistent journal logging

+ 1
ao flag
yaobin
I confirmed that on Ubuntu 18.04, `/var/log/journal` is also created by the `postinst` script of the package `systemd`. I didn't test Ubuntu 20.04 but I believe it's the same behavior.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.