« Back to Systemd: Frequently Asked Questions

How to limit the disk usage of the systemd journal

How to limit the disk usage of the systemd journal?

Define SystemMaxUse in /etc/systemd/journald.conf and restart systemd-journald.

To limit the maximum size that journals may use on the system, define the setting SystemMaxUse in /etc/systemd/journald.conf . Save the file, confirm that the settings are correct, then restart the journal daemon.

Configuration

Open /etc/systemd/journald.conf , copy the commented line, remove the hash, and assign it a value.

SystemMaxUse=256M

Note: depending on how many events happen on a system, this value might be too small. Make sure that the size for logs is big enough.

Check configuration and restart daemon

Confirm that the settings are correct using the systemd-analyze command with the subcommand cat-config.

systemd-analyze cat-config systemd/journald.conf

If all looks good, restart the journald daemon.

systemctl restart systemd-journald

Finally confirm the disk usage. If you defined a lower value than the disk usage before, then it should have an updated size.

journalctl --disk-usage

The new maximum size should also be reflected in the output within the journal itself. For example, if we lower it to 256 megabyte, the maximum should displayed as such.

# journalctl -u systemd-journald.service --since="today" | grep -E "(Runtime|System) Journal"`
Jun 15 21:18:36 web.example.org systemd-journald[75881]: System Journal (/var/log/journal/1c934add5be04ca8e30d000071964675) is 95.4M, max 4.0G, 3.9G free.
Jun 15 22:39:27 web.example.org systemd-journald[75891]: System Journal (/var/log/journal/1c934add5be04ca8e30d000071964675) is 95.4M, max 256.0M, 160.5M free.

Relevant commands in this article

Like to learn more about the commands that were used in this article? Have a look, for some there is also a cheat sheet available.

Other questions related to Systemd

Related articles

Like to learn more? Here is a list of articles within the same category or having similar tags.

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!

Mastodon icon