Systemd-journald is a system service that collects and stores logging data. It creates and maintains structured, indexed journals based on logging information that is received from a variety of sources.
Journal files are, by default, owned and readable by the systemd-journal system group. To start collecting your journal logs, you need to:
Add the dd-agent user to the systemd-journal group by running:
    usermod -a -G systemd-journal dd-agent
Create the journald.d/conf.yaml file in the Agent's conf.d/ folder at the root of your Agent's directory.
Available for Agent version >6.0
Collecting logs is disabled by default in the Datadog Agent; you need to enable it in datadog.yaml with:
    logs_enabled: true
Then add this configuration block to your journald.d/conf.yaml file to start collecting your logs:
    logs:
      - type: journald
Finally, restart the agent.
By default the Agent looks for the journal at the following locations:
/var/log/journal
/var/run/journal
If your journal is located elsewhere, add a path parameter with the corresponding journal path.
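The setup steps and default journal locations above can be checked before restarting the Agent. The script below is an added example, not part of the Datadog documentation; its function names and the convention of passing the datadog.yaml path as an argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight checks for the journald setup steps above.

# in_group GROUP "NAME NAME ...": exact-match lookup in a space-separated group
# list, so "systemd-journal-remote" does not count as "systemd-journal".
in_group() {
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# logs_enabled FILE: true only for an uncommented, top-level "logs_enabled: true".
logs_enabled() {
    grep -Eq '^logs_enabled:[[:space:]]*true[[:space:]]*(#.*)?$' "$1"
}

# find_journal DIR...: print the first candidate directory that exists.
find_journal() {
    for d in "$@"; do
        if [ -d "$d" ]; then printf '%s\n' "$d"; return 0; fi
    done
    return 1
}

# preflight USER DATADOG_YAML [JOURNAL_DIR...]: report each check, return 1 on any failure.
preflight() {
    user=$1; yaml=$2; shift 2; rc=0
    [ "$#" -gt 0 ] || set -- /var/log/journal /var/run/journal   # defaults from the page
    if in_group systemd-journal "$(id -nG "$user" 2>/dev/null)"; then
        echo "ok:   $user is in systemd-journal"
    else
        echo "FAIL: $user is not in systemd-journal"; rc=1
    fi
    if logs_enabled "$yaml" 2>/dev/null; then
        echo "ok:   logs_enabled: true in $yaml"
    else
        echo "FAIL: logs_enabled: true not found in $yaml"; rc=1
    fi
    if dir=$(find_journal "$@"); then
        echo "ok:   journal found at $dir"
    else
        echo "FAIL: no journal directory among: $*"; rc=1
    fi
    return "$rc"
}

# Run only when called with arguments, e.g.: sh check.sh dd-agent /path/to/datadog.yaml
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

A group change made with usermod only applies to processes started afterwards, which is why the Agent restart in the final step is required.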
You can include or exclude specific units with the following parameters:
include_units: Includes all units specified.
exclude_units: Excludes all units specified.
Example:
    logs:
      - type: journald
        path: /var/log/journal/
        include_units:
          - docker.service
          - sshd.service
Tags are critical for finding information in highly dynamic containerized environments, which is why the Agent can collect container tags in journald logs.
This works automatically when the Agent is running from the host. If you are using the containerized version of the Datadog Agent, mount your journald path and the following directory:
/etc/machine-id: this ensures that the Agent can query the journald that is stored on the host.
Finally, restart the agent.
Need help? Contact Datadog Support.