The bare minimum you need to run circologd on a systemd-based system is this unit. Other options with more features or more security are provided below.
[Unit]
Description=In-memory logging
[Service]
User=root
Group=adm
ExecStart=/usr/local/sbin/circologd -syslogd-socket /run/circolog/syslog.sock -buffer-size 2000 -query-socket /run/circolog/query.sock
[Install]
WantedBy=multi-user.target
This is another unit, which has several security features, such as DynamicUser, filesystem restrictions, and more.
[Unit]
Description=In-memory logging
[Service]
DynamicUser=true
Group=adm
RuntimeDirectory=circolog
# this is important: circologd will respect umask, so if you want to have files that are not world-readable, you must set it
RuntimeDirectoryMode=0750
UMask=0026
ProtectSystem=full
ExecStart=/usr/local/sbin/circologd -syslogd-socket /run/circolog/syslog.sock -buffer-size 2000 -query-socket /run/circolog/query.sock
# security restrictions; useful, but not needed
PrivateTmp=true
PrivateNetwork=true
NoNewPrivileges=true
RestrictNamespaces=true
#optional: watchdog
WatchdogSec=30
[Install]
WantedBy=multi-user.target
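The permission settings in the two units above can be checked mechanically. The following is an added example, not part of circolog or its documentation: a small linter that flags directives whose case is wrong (systemd ignores such keys), a UMask or RuntimeDirectoryMode that leaves access to other users, and services running as root. The directive list, the assumed 0666 creation mode and the sample units are constructed for this example.

```python
# Added example: lint the [Service] settings discussed above. Not circolog code.
KNOWN = ("User Group DynamicUser RuntimeDirectory RuntimeDirectoryMode UMask "
         "ProtectSystem ExecStart PrivateTmp PrivateNetwork NoNewPrivileges "
         "RestrictNamespaces WatchdogSec Description WantedBy").split()
CANON = {k.lower(): k for k in KNOWN}
TRUE = {"1", "yes", "true", "on"}  # systemd boolean spellings

def parse_unit(text):
    """Return (settings, findings); findings list keys whose case is wrong."""
    settings, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        canon = CANON.get(key.lower())
        if canon and canon != key:
            # systemd logs "Unknown key name" and ignores the line
            findings.append(f"{key}: key names are case-sensitive, use {canon}")
            continue
        settings[key] = value
    return settings, findings

def audit(text):
    settings, findings = parse_unit(text)
    umask = int(settings.get("UMask", "0022"), 8)   # systemd default: 0022
    file_mode = 0o666 & ~umask                       # assumed request: 0666
    if file_mode & 0o007:
        findings.append(f"UMask={umask:04o}: files created as {file_mode:04o}, open to other users")
    if "RuntimeDirectory" in settings:
        dir_mode = int(settings.get("RuntimeDirectoryMode", "0755"), 8)  # default 0755
        if dir_mode & 0o007:
            findings.append(f"RuntimeDirectoryMode={dir_mode:04o}: /run/{settings['RuntimeDirectory']} is open to other users")
    if settings.get("User", "root") == "root" and settings.get("DynamicUser", "no").lower() not in TRUE:
        findings.append("service runs as root")
    return findings

# Constructed sample units (trimmed to the lines the checks look at).
MINIMAL = "[Service]\nUser=root\nGroup=adm\n"
HARDENED = """[Service]
DynamicUser=true
Group=adm
RuntimeDirectory=circolog
RuntimeDirectoryMode=0750
UMask=0026
Restrictnamespaces=true
"""

if __name__ == "__main__":
    for name, unit in (("minimal", MINIMAL), ("hardened", HARDENED)):
        print(name, audit(unit))
```

On a live system, `systemd-analyze verify` and `systemd-analyze security` give a fuller report for an installed unit.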
None of those are integrated with journald, however. The simplest way to integrate with journald is the following.
First of all, ensure ForwardToSyslog=yes in /etc/systemd/journald.conf.
Then, you need to run circologd as root and bind it to a special address.
Ok, you don't strictly need to run it as root, but that's the easiest way to run it.
Here is a working unit for this:
[Unit]
Description=In-memory logging
[Service]
User=root
Group=adm
ExecStart=/usr/local/sbin/circologd -syslogd-socket /run/systemd/journal/syslog -buffer-size 2000 -query-socket /run/circolog/query.sock
[Install]
WantedBy=multi-user.target
To run circologd as non-root, while listening on a root-owned socket (/run/systemd/journal/syslog), use socket activation.