Systemd-journald is a system service that collects and stores logging data. It creates and maintains structured, indexed journals based on logging information from a variety of sources.
The journald check is included in the Datadog Agent package. No additional installation is needed on your server.
Journal files, by default, are owned and readable by the `systemd-journal` system group. To start collecting your journal logs, add the `dd-agent` user to the `systemd-journal` group by running:

```shell
usermod -a -G systemd-journal dd-agent
```
To configure this check for an Agent running on a host:

Edit the `journald.d/conf.yaml` file, in the `conf.d/` folder at the root of your Agent's configuration directory, to start collecting logs.

Collecting logs is disabled by default in the Datadog Agent. Enable it in `datadog.yaml` with:

```yaml
logs_enabled: true
```

Then add this configuration block to your `journald.d/conf.yaml` file to start collecting your logs:

```yaml
logs:
  - type: journald
    container_mode: true
```
To fill the `source` and `service` attributes, the Agent collects `SYSLOG_IDENTIFIER`, `_SYSTEMD_UNIT` and `_COMM` and sets the attributes to the first non-empty value. To take advantage of the integration pipelines, Datadog recommends setting the `SyslogIdentifier` parameter in the `systemd` service file directly, or in a `systemd` service override file. Their location depends on your distribution, but you can find the location of the `systemd` service file by using the command `systemctl show -p FragmentPath <unit_name>`.
Note: With Agent 7.17+, if `container_mode` is set to `true`, the default behavior changes for logs coming from Docker containers. The `source` attribute of your logs is automatically set to the corresponding short image name of the container instead of simply `docker`.
For containerized environments, see the Autodiscovery Integration Templates for guidance on applying the parameters below.
Collecting logs is disabled by default in the Datadog Agent. To enable it, see Kubernetes Log Collection.
Parameter | Value |
---|---|
<LOG_CONFIG> | {"source": "journald", "service": "<YOUR_APP_NAME>"} |
By default the Agent looks for the journal at the following locations:

- `/var/log/journal`
- `/run/log/journal`

If your journal is located elsewhere, add a `path` parameter with the corresponding journal path.
You can filter specific system-level units by using these parameters:

- `include_units`: Includes all system-level units specified.
- `exclude_units`: Excludes all system-level units specified.

Example:

```yaml
logs:
  - type: journald
    path: /var/log/journal/
    include_units:
      - docker.service
      - sshd.service
```
In Datadog Agent version 7.37.0+, you can filter user-level units by using these parameters:

- `include_user_units`: Includes all user-level units specified.
- `exclude_user_units`: Excludes all user-level units specified.

Note: Use the `*` wildcard in `exclude_units` or `exclude_user_units` to specify a particular Journald log. The `*` wildcard does not work with `include_units`. By default, if no units are defined for either system or user, and no matches are defined, all journal logs are collected.

Example:

```yaml
logs:
  # Collect all system-level unit logs.
  - type: journald
    exclude_user_units:
      - '*'
```
In Datadog Agent version 7.39.0+, you can filter arbitrary messages using key-value pairs with these parameters:

- `include_matches`: Includes messages matching `key=value`
- `exclude_matches`: Excludes messages matching `key=value`

Example:

```yaml
logs:
  - type: journald
    path: /var/log/journal/
    include_matches:
      - _TRANSPORT=kernel
```
If you want to report units with different source or service tags, these must appear in separate journald configs.

To do this, you must uniquely identify each journal config with a `config_id` (available in Agent 7.41.0+).

```yaml
logs:
  - type: journald
    config_id: my-app1
    source: my-app1
    service: my-app1
    include_units:
      - my-app1.service

  - type: journald
    config_id: my-app2
    source: my-app2
    service: my-app2
    include_units:
      - my-app2.service
```
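A filter that is silently ignored can mean unit logs such as `sshd.service` never reach your log pipeline, so it helps to check a `journald.d/conf.yaml` against the constraints described above before deploying it. The following is an added example, not part of the Datadog Agent: `lint_journald` is a hypothetical helper that assumes the file has already been parsed into a dict (for example with a YAML loader) and that the Agent version is supplied as a tuple.

```python
import re

# Minimum Agent version for each option, as stated on this page.
MIN_VERSION = {
    "include_user_units": (7, 37, 0),
    "exclude_user_units": (7, 37, 0),
    "include_matches": (7, 39, 0),
    "exclude_matches": (7, 39, 0),
    "config_id": (7, 41, 0),
}
MATCH_RE = re.compile(r"^[^=\s]+=.+$")  # key=value


def lint_journald(config, agent_version):
    """Return a list of findings for the journald entries of a parsed conf.yaml."""
    findings = []
    entries = [e for e in config.get("logs") or [] if e.get("type") == "journald"]
    for i, entry in enumerate(entries):
        where = f"journald[{i}]"
        for key, minimum in MIN_VERSION.items():
            if key in entry and agent_version < minimum:
                need = ".".join(map(str, minimum))
                findings.append(f"{where}: {key} needs Agent {need}+")
        # The * wildcard is documented for the exclude lists, not include_units.
        if "*" in (entry.get("include_units") or []):
            findings.append(f"{where}: '*' does not work in include_units")
        for key in ("include_matches", "exclude_matches"):
            for match in entry.get(key) or []:
                if not MATCH_RE.match(str(match)):
                    findings.append(f"{where}: {key} entry {match!r} is not key=value")
    # Several journald configs must each carry a distinct config_id.
    if len(entries) > 1:
        ids = [e.get("config_id") for e in entries]
        if None in ids or len(set(ids)) != len(ids):
            findings.append("multiple journald configs need unique config_id values")
    return findings


# Constructed sample: the dict a YAML loader would return for a flawed conf.yaml.
SAMPLE = {"logs": [
    {"type": "journald", "source": "my-app1", "include_units": ["*"]},
    {"type": "journald", "source": "my-app2", "include_matches": ["_TRANSPORT"]},
]}

if __name__ == "__main__":
    for finding in lint_journald(SAMPLE, agent_version=(7, 38, 0)):
        print(finding)
```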
Tags are critical for finding information in highly dynamic containerized environments, which is why the Agent can collect container tags in journald logs.
This works automatically when the Agent is running from the host. If you are using the containerized version of the Datadog Agent, mount your journal path and the following file:

- `/etc/machine-id`: this ensures that the Agent can query the journal that is stored on the host.

Run the Agent's status subcommand and look for `journald` under the Logs Agent section.
journald does not include any metrics.
journald does not include any service checks.
journald does not include any events.
Need help? Contact Datadog support.