2

I have Ubuntu 24.04 servers with this Journald config by default:

user@server:~$ systemd-analyze cat-config systemd/journald.conf # /etc/systemd/journald.conf # This file is part of systemd. ... [Journal] #Storage=auto #Compress=yes #Seal=yes #SplitMode=uid #SyncIntervalSec=5m #RateLimitIntervalSec=30s #RateLimitBurst=10000 #SystemMaxUse= #SystemKeepFree= #SystemMaxFileSize= #SystemMaxFiles=100 #RuntimeMaxUse= #RuntimeKeepFree= #RuntimeMaxFileSize= #RuntimeMaxFiles=100 #MaxRetentionSec= #MaxFileSec=1month #ForwardToSyslog=no #ForwardToKMsg=no #ForwardToConsole=no #ForwardToWall=yes #TTYPath=/dev/console #MaxLevelStore=debug #MaxLevelSyslog=debug #MaxLevelKMsg=notice #MaxLevelConsole=info #MaxLevelWall=emerg #LineMax=48K #ReadKMsg=yes #Audit=yes # /usr/lib/systemd/journald.conf.d/syslog.conf # Undo upstream commit 46b131574fdd7d77 for now. For details see # http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html [Journal] ForwardToSyslog=yes

At first I tought I could add ForwardToSyslog=no to /etc/systemd/journald.conf. But after this logs from Journal still appear also in /var/log/systlog. I reloaded Systemd and restarted Journald service. I even tried rebooting but nothing changed.

Then I read about drop-in config files and tried creating a drop-in config:

user@server:~$ systemd-analyze cat-config systemd/journald.conf # /etc/systemd/journald.conf # This file is part of systemd. ... [Journal] (everything commented out) # /usr/lib/systemd/journald.conf.d/syslog.conf # Undo upstream commit 46b131574fdd7d77 for now. For details see # http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html [Journal] ForwardToSyslog=yes # /etc/systemd/journald.conf.d/override.conf [Journal] ForwardToSyslog=no

But still logs from Journal appear in /var/log/syslog even after rebooting.

Then I manually edited /usr/lib/systemd/journald.conf.d/syslog.conf to read ForwardToSyslog=no. After that Journal entries no longer appear in /var/log/syslog.

But from the Systemd documentation I understood that files under /usr/lib/systemd should not be modified directly.

So what am I doing wrong here and what is the correct way to disable ForwardToSyslog?

Improve this question

1 Answer 1

Reset to default
3

After reading more Systemd docs I found the answer.

https://www.freedesktop.org/software/systemd/man/latest/systemd-system.conf.html

In addition to the main configuration file, drop-in configuration snippets are read from /usr/lib/systemd/.conf.d/, /usr/local/lib/systemd/.conf.d/, and /etc/systemd/*.conf.d/. Those drop-ins have higher precedence and override the main configuration file. Files in the *.conf.d/ configuration subdirectories are sorted by their filename in lexicographic order, regardless of in which of the subdirectories they reside. When multiple files specify the same option, for options which accept just a single value, the entry in the file sorted last takes precedence, and for options which accept a list of values, entries are collected as they occur in the sorted files.

The default syslog.conf was sorted after my override.conf so it took precedence. After renaming my file to x-override.conf it took effect after restaring systemd-journald.service.

Improve this answer
1
  • 2
    That imples that systemd-analyze cat-config is wrong to lazily output the /usr/lib/ .conf drop-in file beginning with "s" before your /etc one beginning with "o". It should have done the sort according to the specification. The man page seems tacitly aware of this as the example has files named 20-... and 50-.... (It is not the default syslog.conf file (which is compiled-in) that is overriding yours; it is the drop-in file in /usr/lib which is an override of the default and is coming from your distribution. They could have named it 00-syslog.conf to avoid this problem) Commented Aug 16 at 8:53

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.