How to Clear Systemd Journal Logs
This quick tutorial shows you two ways to clear systemd journal logs from your Linux system.
This quick tutorial shows you two ways to clear systemd journal logs from your Linux system.
The systemd journal is systemd’s own logging system. It is equivalent to the syslog in the init system. It collects and stored kernel logging data, system log messages, standard output, and errors for various systemd services.
A Linux machine with systemd writes the logs to /var/log/journal directory. If you remember the Linux directory structure, /var is where the system logs are stored.
You can either manually view the log files using less command or use the journalctl command. To view all the latest logs, use the command with the reverse option.
The thing with logging is that over time, it starts to grow big. And if you check the disk space in Linux, you’ll see that sometimes, it takes several GB of space.
Let me show you how to clean systemd journal logs and free up disk space on your Linux system.
Clearing systemd journal logs
First, check the space taken by journal logs with the du command:
You can also use the journalctl command for the same task:
Both commands should give approximately the same result:
[email protected]:~$ journalctl --disk-usage Archived and active journals take up 1.6G in the file system. [email protected]:~$ sudo du -sh /var/log/journal/ 1.7G /var/log/journal/
Now that you know how much space the journal logs take, you can decide if you want to clear the logs or not. If you decide to clear the journal logs, let me show you a couple of ways of doing it.
You can, of course, use the rm command to delete the files in the log folder but I won’t advise that. The journalctl command gives you the proper way of handling old logs.
First thing you should do is to rotate journal files. This will mark the currently active journal logs as archive and create fresh new logs. It’s optional but a good practice to do so.
Now you have three ways to clear old journal logs. You delete logs older than a certain time, or you delete older log files so that the total log size is limited to the predefined disk space, or you limit the number of log files. Let’s see how to use all three methods.
1. Clear journal log older than x days
Keep in mind that logs are important for auditing purposes so you should not delete all of them at the same time. Let’s say you want to keep the log history of just two days. To delete all entries older than two days, use this command:
sudo journalctl --vacuum-time=2d
Here’s what the output may look like:
Vacuuming done, freed 1.6G of archived journals from /var/log/journal/1b9ab93094fa4978beba80fd3c48a18c
You can also change the provide time frame in hours like 2h, in minutes like 2m, in seconds like 2s. If you want bigger time units, you can 2weeks, 2months as well.
2. Restrict logs to a certain size
Another way is to restrict the log size. This will delete the journal log files until the disk space taken by journal logs falls below the size you specified.
sudo journalctl --vacuum-size=100M
This will reduce the log size to around 100 MB.
Vacuuming done, freed 40.0M of archived journals from /var/log/journal/1b9ab93094fa4978beba80fd3c48a18c.
You can specify the size in GB with G, MB with M, KB with K etc.
3. Restrict number of log files
The third way is to limit the number of log files. The journalctl usually has log files for the system and for the users. As the logs get old, they are archived in various files.
You can limit the number of archive log files. Let’s say you want to have only five log files.
It will remove the older archive log files leaving only the specified number of log files.
Deleted archived journal /var/log/journal/1b9ab93094fa4978beba80fd3c48a18c/[email protected]5988c0982.journal (8.0M). Deleted archived journal /var/log/journal/1b9ab93094fa4978beba80fd3c48a18c/[email protected]9747a2ebd5a3.journal (48.0M). Deleted archived journal /var/log/journal/1b9ab93094fa4978beba80fd3c48a18c/[email protected]7a32024d0.journal (48.0M). Vacuuming done, freed 104.0M of archived journals from /var/log/journal/1b9ab93094fa4978beba80fd3c48a18c.
Automatically clearing old log files [Requires intermediate knowledge of command line]
What you just did will clean the log files for now. In a month, the logs will increase again. You can manually clean them with one of the methods described above. But that is a tedious task and you may not remember to do that regularly.
The good thing is that you can configure systemd to automatically handle old log files.
The journalctl has configuration file at /etc/systemd/journald.conf. There are settings which are commented out. The commented lines basically indicate the default value of those settings parameters (even if they are commented out).
You can change some of these default settings to automatically clean the log files.
You would want to change the following settings:
Setting | Description |
---|---|
SystemMaxUse | Max disk space logs can take |
SystemMaxFileSize | Max size of an INDIVIDUAL log file |
SystemMaxFiles | Max number of log files |
Please note that you should be careful while editing configuration files. You must be comfortable using a terminal-based text editor like Vim, Emacs or Nano so that you don’t make silly mistakes while editing the conf file.
I advise to make a backup of the configuration file first:
cp /etc/systemd/journald.conf /etc/systemd/journald.conf.back
Now, you should uncomment (remove the # at the beginning of the line) the setting you want to use. For example, I want to restrict the maximum disk space taken by the log files to 250 MB.
You’ll have to use Vim or some other terminal based editor in order to edit this configuration file. Here’s what it looks like me after editing the file.
# This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. # # Entries in this file show the compile time defaults. # You can change settings by editing this file. # Defaults can be restored by simply deleting this file. # # See journald.conf(5) for details. [Journal] #Storage=auto #Compress=yes #Seal=yes #SplitMode=uid #SyncIntervalSec=5m #RateLimitIntervalSec=30s #RateLimitBurst=1000 SystemMaxUse=250M #SystemKeepFree= #SystemMaxFileSize= #SystemMaxFiles=100
Keep in mind that after editing the configuration file, you should load the changes:
sudo systemctl restart systemd-journald
The journald.conf file can be used to tweak the journalctl settings even further. You can even set the levels of log (info, debug, error etc) you want to see. It’s up to you if you want to change those settings as well.
I hope you like this tip to clear systemd journal log files. If you have any questions or suggestions, please leave a comment below.
How to clean log file? [duplicate]
Is there a better way to clean the log file? I usually delete the old logfile and create a new logfile and I am looking for a shorter type/bash/command program. How can I use an alias?
1 Answer 1
(fell free to substitute false or any other command that produces no output, like e.g. : does in bash ) if you want to be more eloquent, will all empty logfile (actually they will truncate it to zero size).
If you want to know how long it «takes», you may use
(which is the same as dd if=/dev/null > logfile , by the way)
(or truncate -s 0 logfile ) to be perfectly explicit or, if you don’t want to,
(in which case you are relying on the common behaviour that applications usually do recreate a logfile if it doesn’t exist already).
However, since logfiles are usually useful, you might want to compress and save a copy. While you could do that with your own script, it is a good idea to at least try using an existing working solution, in this case logrotate , which can do exactly that and is reasonably configurable.
Should you need to do it for several files, the safe way is
Some shells ( zsh ) also allow one to specify several redirection targets.
This works (at least in bash ) since it creates all the redirections required although only the last one will catch any input (or none in this case). The tee example with several files should work in any case (given your tee does know how to handle several output files)
Of course, the good old shell loop would work as well:
for f in file1 file2 . ; do # pick your favourite emptying method done
although it will be much slower due to the command being run separately for each file. That may be helped by using find :