diff --git a/plinth/modules/config/forms.py b/plinth/modules/config/forms.py
index 1b57e41fb..a35044823 100644
--- a/plinth/modules/config/forms.py
+++ b/plinth/modules/config/forms.py
@@ -99,3 +99,15 @@ class ConfigurationForm(forms.Form):
         help_text=gettext_lazy(
             'Show apps and features that require more technical '
             'knowledge.'))
+
+    logging_mode = forms.ChoiceField(
+        label=gettext_lazy('System-wide logging'),
+        choices=(('none', gettext_lazy('Disable logging, for privacy')),
+                 ('volatile',
+                  gettext_lazy('Keep some in memory until a restart, '
+                               'for performance')),
+                 ('persistent',
+                  gettext_lazy('Write to disk, useful for debugging'))),
+        help_text=gettext_lazy(
+            'Logs contain information about who accessed the system and debug '
+            'information from various services'))
diff --git a/plinth/modules/config/privileged.py b/plinth/modules/config/privileged.py
new file mode 100644
index 000000000..264f668ae
--- /dev/null
+++ b/plinth/modules/config/privileged.py
@@ -0,0 +1,58 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
+"""Configure miscellaneous system settings."""
+
+import pathlib
+
+import augeas
+
+from plinth import action_utils
+from plinth.actions import privileged
+
+JOURNALD_FILE = pathlib.Path('/etc/systemd/journald.conf.d/50-freedombox.conf')
+
+
+def load_augeas():
+    """Initialize Augeas."""
+    aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD +
+                        augeas.Augeas.NO_MODL_AUTOLOAD)
+    aug.transform('Puppet', str(JOURNALD_FILE))
+    aug.set('/augeas/context', '/files' + str(JOURNALD_FILE))
+    aug.load()
+    return aug
+
+
+def get_logging_mode() -> str:
+    """Return the logging mode as none, volatile or persistent."""
+    aug = load_augeas()
+    storage = aug.get('Journal/Storage')
+    if storage in ('volatile', 'persistent', 'none'):
+        return storage
+
+    # journald's default is 'auto'. On Debian systems, 'auto' is same
+    # 'persistent' because /var/log/journal exists by default.
+    return 'persistent'
+
+
+@privileged
+def set_logging_mode(mode: str) -> None:
+    """Set the current logging mode."""
+    if mode not in ('volatile', 'persistent', 'none'):
+        raise ValueError('Invalid mode')
+
+    aug = load_augeas()
+    aug.set('Journal/Storage', mode)
+    if mode == 'volatile':
+        aug.set('Journal/RuntimeMaxUse', '5%')
+        aug.set('Journal/MaxFileSec', '6h')
+        aug.set('Journal/MaxRetentionSec', '2day')
+    else:
+        aug.remove('Journal/RuntimeMaxUse')
+        aug.remove('Journal/MaxFileSec')
+        aug.remove('Journal/MaxRetentionSec')
+
+    JOURNALD_FILE.parent.mkdir(exist_ok=True)
+    aug.save()
+
+    # systemd-journald is socket activated, it may not be running and it does
+    # not support reload.
+    action_utils.service_try_restart('systemd-journald')
diff --git a/plinth/modules/config/tests/test_config.py b/plinth/modules/config/tests/test_config.py
index 378626a4b..265512e25 100644
--- a/plinth/modules/config/tests/test_config.py
+++ b/plinth/modules/config/tests/test_config.py
@@ -29,14 +29,16 @@ def test_hostname_field():
     for hostname in valid_hostnames:
         form = ConfigurationForm({
             'hostname': hostname,
-            'domainname': 'example.com'
+            'domainname': 'example.com',
+            'logging_mode': 'volatile'
         })
         assert form.is_valid()
 
     for hostname in invalid_hostnames:
         form = ConfigurationForm({
             'hostname': hostname,
-            'domainname': 'example.com'
+            'domainname': 'example.com',
+            'logging_mode': 'volatile'
         })
         assert not form.is_valid()
 
@@ -57,14 +59,16 @@ def test_domainname_field():
     for domainname in valid_domainnames:
         form = ConfigurationForm({
             'hostname': 'example',
-            'domainname': domainname
+            'domainname': domainname,
+            'logging_mode': 'volatile'
         })
         assert form.is_valid()
 
     for domainname in invalid_domainnames:
         form = ConfigurationForm({
             'hostname': 'example',
-            'domainname': domainname
+            'domainname': domainname,
+            'logging_mode': 'volatile'
         })
         assert not form.is_valid()
 
diff --git a/plinth/modules/config/views.py b/plinth/modules/config/views.py
index ceddffad2..1e5599022 100644
--- a/plinth/modules/config/views.py
+++ b/plinth/modules/config/views.py
@@ -13,6 +13,7 @@ from plinth.modules import config
 from plinth.signals import (domain_added, domain_removed, post_hostname_change,
                             pre_hostname_change)
 
+from . import privileged
 from .forms import ConfigurationForm
 
 LOGGER = logging.getLogger(__name__)
@@ -30,6 +31,7 @@ class ConfigAppView(views.AppView):
             'domainname': config.get_domainname(),
             'homepage': config.get_home_page(),
             'advanced_mode': config.get_advanced_mode(),
+            'logging_mode': privileged.get_logging_mode(),
         }
 
     def form_valid(self, form):
@@ -37,6 +39,8 @@ class ConfigAppView(views.AppView):
         old_status = form.initial
         new_status = form.cleaned_data
 
+        is_changed = False
+
         if old_status['hostname'] != new_status['hostname']:
             try:
                 set_hostname(new_status['hostname'])
@@ -87,6 +91,13 @@ class ConfigAppView(views.AppView):
                     messages.success(self.request,
                                      _('Hiding advanced apps and features'))
 
+        if old_status['logging_mode'] != new_status['logging_mode']:
+            privileged.set_logging_mode(new_status['logging_mode'])
+            is_changed = True
+
+        if is_changed:
+            messages.success(self.request, _('Configuration updated'))
+
         return super(views.AppView, self).form_valid(form)