## A simple start

The bare minimum you need to get circologd on a systemd-based system is this unit.
Other options with more features or more security are provided below

    [Unit]
    Description=In-memory logging

    [Service]
    User=root
    Group=adm
    ExecStart=/usr/local/sbin/circologd -syslogd-socket /run/circolog/syslog.sock  -buffer-size 2000 -query-socket /run/circolog/query.sock

    [Install]
    WantedBy=multi-user.target


## A better unit

This is another unit, which has several security features, such as `DynamicUser`, filesystem restrictions, and
more.

    [Unit]
    Description=In-memory logging

    [Service]
    DynamicUser=true
    Group=adm
    RuntimeDirectory=circolog
    # this is important: circologd will respect umask, so if you want to have files that are not world-readable, you must set it
    RuntimeDirectoryMode=0750
    UMask=0026
    ProtectSystem=full
    ExecStart=/usr/local/sbin/circologd -syslogd-socket /run/circolog/syslog.sock  -buffer-size 2000 -query-socket /run/circolog/query.sock
    # security restrictions; useful, but not needed
    PrivateTmp=true
    PrivateNetwork=true
    NoNewPrivileges=true
    Restrictnamespaces=true

    #optional: watchdog
    WatchdogSec=30

    [Install]
    WantedBy=multi-user.target

## Journald

None of those are integrated with journald, however. The simplest way to integrate with journald is the
following.

First of all, ensure `ForwardToSyslog=yes` in `/etc/systemd/journald.conf`.
Then, you need to run circologd as root and bind it [to a special
address](https://www.freedesktop.org/software/systemd/man/journald.conf.html#Forwarding%20to%20traditional%20syslog%20daemons).
Ok, you don't strictly _need_ to run it as root, but that's the easiest way to run it.
Here is a working unit for this:

    [Unit]
    Description=In-memory logging

    [Service]
    User=root
    Group=adm
    ExecStart=/usr/local/sbin/circologd -syslogd-socket /run/systemd/journal/syslog -buffer-size 2000 -query-socket /run/circolog/query.sock

    [Install]
    WantedBy=multi-user.target

### journald with socket activation

To run circologd as non-root, while listening on a root-owned socket (`/run/systemd/journal/syslog`) use
socket activation. Create a unit in `/etc/systemd/system/circolog.service`:

    [Unit]
    Description=In-memory logging

    [Service]
    User=nobody
    Group=nogroup
    ExecStart=/usr/local/sbin/circologd -syslogd-socket "" -buffer-size 2000 -query-socket /run/circolog/query.sock

    [Install]
    WantedBy=multi-user.target

Then symlink the `syslog.service` unit to the newly created one:

    ln -sf /etc/systemd/system/circolog.service /etc/systemd/system/syslog.service

and restart the service:

    systemctl daemon-reload
    systemctl restart syslog.service

Now circolog is activated and receives messages from `journald`.