Journald is a system service for collecting and storing log data, introduced with systemd. It tries to make it easier for system administrators to find interesting and relevant information among an ever-increasing amount of log messages. One of the main differences in journald was to replace simple plain text log files with a special file format optimized for log messages. This file format allows system administrators to access relevant messages more efficiently. It also brings some of the power of database-driven centralized logging implementations to individual systems.
The main administrative challenge with journald is to make sure it doesn’t eat up all your drive space. By default, journald does not automatically cleanup older logs. Systemd stores the journal logs in /var/log/journal and has a systemctl command to help clear them. There are generally two ways to do this.
Clear journals older than X days
The first one is time-based, clearing everything older than say 30 days.
journalctl --vacuum-time=30d
Clear journals if they exceed X storage
This alternative will clear older logs until their size is at or under say 1 GB
journalctl --vacuum-size=1G
Setup automatic cleaning
After you decide what retention works best for you, you can create a cron task to regularly cleanup your journal logs. For me, I prefer to use both options so journald retains no more than 30 days AND it does not exceed 1 GB. The following will create a daily cron task that will employ both the vacuum-time and vacuum-size options.
(crontab -l ; echo "@daily journalctl --vacuum-time=30d --vacuum-size=1G" )| crontab -