Features
Integrations
Dashboards
Log Management
APM
Continuous Profiler
Security Monitoring
Network Monitoring
Synthetic Monitoring
Real User Monitoring
Serverless
Alerts
API
Journald
Supported OS:
Overview
Systemd-journald is a system service that collects and stores logging data. It creates and maintains structured, indexed journals based on logging information that is received from a variety of sources.
Setup
Installation
Journal files are, by default, owned and readable by the systemd-journal system group. To start collecting your journal logs, you need to:
- Install the Agent on the instance running the journal
Add the
dd-agentuser to thesystemd-journalgroup by running:usermod -a -G systemd-journal dd-agent
Configuration
To configure this check for an Agent running on a host:
Edit the journald.d/conf.yaml file in the in the Agent’s conf.d/ folder at the root of your Agent’s directory.
Log collection
Available for Agent versions >6.0
Collecting logs is disabled by default in the Datadog Agent, you need to enable it in datadog.yaml with:
logs_enabled: trueThen add this configuration block to your journald.d/conf.yaml file to start collecting your Logs:
logs:
- type: journald
container_mode: trueTo fill source and service attributes, the Agent collects SYSLOG_IDENTIFIER , _SYSTEMD_UNIT and _COMMand set them to the first non empty value. In order to take advantage of the integration pipelines, Datadog recommends setting the SyslogIdentifier parameter in the systemd service file directly, or in a systemd service override file. Their location depends on your distribution, but you can find the location of the systemd service file by using the command systemctl show -p FragmentPath <unit_name>.
Note: With Agent 7.17+, if container_mode is set to true, the default behavior changes for logs coming from docker containers. The source attribute of your logs is automatically set to the corresponding short image name of the container instead of simply docker.
Finally, restart the Agent.
For containerized environments, see the Autodiscovery Integration Templates for guidance on applying the parameters below.
Log collection
Available for Agent versions >6.0
Collecting logs is disabled by default in the Datadog Agent. To enable it, see Kubernetes log collection documentation.
| Parameter | Value |
|---|---|
<LOG_CONFIG> | {"source": "journald", "service": "<YOUR_APP_NAME>"} |
Advanced features
Change journal location
By default the Agent looks for the journal at the following locations:
/var/log/journal/var/run/journal
If your journal is located elsewhere, add a path parameter with the corresponding journal path.
Filter journal units
It is possible to filter in/out specific units thanks to the following parameters:
include_units: Includes all units specified.exclude_units: Excludes all units specified.
Example:
logs:
- type: journald
path: /var/log/journal/
include_units:
- docker.service
- sshd.serviceCollect Container tags
Tags are critical for finding information in highly dynamic containerized environments, which is why the Agent can collect container tags in journald logs.
This works automatically when the Agent is running from the host. If you are using the containerized version of the Datadog Agent, mount your journal path and the following file:
/etc/machine-id: this ensures that the Agent can query the journal that is stored on the host.
Troubleshooting
Need help? Contact Datadog Support.
Further Reading
Additional helpful documentation, links, and articles:
On this Page