info@solusidb.com

Clear Systemd Journal Logs in Ubuntu 22.04

February 7, 2025 DB-admin
0 Comment
infrastructure, tutorial

systemd uses its own logging system called the journal. It’s a centralized logging system that collects logs from all parts of the system, including the kernel, services, and applications. This makes it easier to manage and analyze logs.  

Here are some key things to know about the journal:

  • Storage: By default, journal logs are stored in /var/log/journal.
  • Accessing logs: You can use the journalctl command to view and manage journal logs.
  • Benefits: The journal offers several advantages over traditional syslog, including structured logging, indexing, and filtering.    

Methods to Clear Journal Logs

  • Clear logs based on time:

    Bash 

    sudo journalctl --vacuum-time=7d

    This command will delete logs older than 7 days. You can adjust the 7d to any time period you prefer (e.g., 1d for 1 day, 30d for 30 days).

  • Clear logs based on size:

    Bash 

    sudo journalctl --vacuum-size=500M

This will clear logs until the total size of the journal files is below 500MB. Change 500M to your desired size (e.g., 1G for 1 gigabyte).  

  • Rotate journal files:Bash  
    sudo journalctl --rotate

This command marks the current active journal files as archived, so new log entries will be written to new files. This is often used in conjunction with --vacuum-time or --vacuum-size to clear the old, archived logs.  

 

  • Clear all logs (use with caution):Bash  
    sudo journalctl --flush --rotate --vacuum-time=1s

    This first flushes the logs to disk, then rotates the files, and finally clears any logs older than 1 second (effectively clearing all logs). Be very careful with this command as it removes all historical log data.

Important Considerations

  • Archived vs. Active Logs: The --vacuum-time and --vacuum-size options only affect archived journal files. To clear recent logs, you need to rotate the journal files first using journalctl --rotate.
  • Configuration: You can configure how much disk space the journal can use by editing the /etc/systemd/journald.conf file. Look for options like SystemMaxUse and SystemKeepFree.
  • Automation: To automate log clearing, you can add a command to your system’s cron scheduler. For example, to clear logs older than 1 day every night at midnight, you would add the following line to your crontab: 
    0 0 * * * journalctl --vacuum-time=1d

Best Practices

  • Regularly monitor log size: Use journalctl --disk-usage to check how much space your journal logs are using.
  • Don’t clear logs unnecessarily: Logs are crucial for troubleshooting and system analysis. Only clear them when you have a specific reason to, such as reclaiming disk space.
  • Consider log rotation: Instead of clearing logs entirely, you might want to rotate them regularly. This allows you to keep a history of logs while preventing them from consuming too much disk space.

Remember to use sudo before any of these commands to ensure you have the necessary privileges.

CMIWW

infrastructure