diff --git a/man/systemd-pcrphase.service.xml b/man/systemd-pcrphase.service.xml
index fe7b58933b..ca037584cf 100644
--- a/man/systemd-pcrphase.service.xml
+++ b/man/systemd-pcrphase.service.xml
@@ -209,10 +209,10 @@
 
     <variablelist>
       <varlistentry>
-        <term><filename>/var/log/systemd/tpm2-measure.log</filename></term>
+        <term><filename>/run/log/systemd/tpm2-measure.log</filename></term>
 
         <listitem><para>Measurements are logged into an event log file maintained in
-        <filename>/var/log/systemd/tpm2-measure.log</filename>, which contains a <ulink
+        <filename>/run/log/systemd/tpm2-measure.log</filename>, which contains a <ulink
         url="https://www.rfc-editor.org/rfc/rfc7464.html">JSON-SEQ</ulink> series of objects that follow the
         general structure of the <ulink
         url="https://trustedcomputinggroup.org/resource/canonical-event-log-format/">TCG Common Event Log
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index c78d6ae65a..9cab153e45 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -4305,7 +4305,7 @@ static const char* tpm2_userspace_event_type_table[_TPM2_USERSPACE_EVENT_TYPE_MA
 DEFINE_STRING_TABLE_LOOKUP(tpm2_userspace_event_type, Tpm2UserspaceEventType);
 
 const char *tpm2_userspace_log_path(void) {
-        return secure_getenv("SYSTEMD_MEASURE_LOG_USERSPACE") ?: "/var/log/systemd/tpm2-measure.log";
+        return secure_getenv("SYSTEMD_MEASURE_LOG_USERSPACE") ?: "/run/log/systemd/tpm2-measure.log";
 }
 
 static int tpm2_userspace_log_open(void) {
diff --git a/test/units/testsuite-70.sh b/test/units/testsuite-70.sh
index faa9db7cdd..7f7183da08 100755
--- a/test/units/testsuite-70.sh
+++ b/test/units/testsuite-70.sh
@@ -264,8 +264,8 @@ if [[ -x "$SD_PCREXTEND" ]] && tpm_has_pcr sha256 11 && tpm_has_pcr sha256 15; t
     rm -f /tmp/oldpcr15 /tmp/newpcr15
 
     # Check that the event log record was properly written:
-    test "$(jq --seq --slurp '.[0].pcr' < /var/log/systemd/tpm2-measure.log)" == "$(printf '\x1e15')"
-    test "$(jq --seq --slurp --raw-output '.[0].digests[1].digest' < /var/log/systemd/tpm2-measure.log) *stdin" == "$(echo -n "machine-id:994013bf23864ee7992eab39a96dd3bb" | openssl dgst -hex -sha256 -r)"
+    test "$(jq --seq --slurp '.[0].pcr' < /run/log/systemd/tpm2-measure.log)" == "$(printf '\x1e15')"
+    test "$(jq --seq --slurp --raw-output '.[0].digests[1].digest' < /run/log/systemd/tpm2-measure.log) *stdin" == "$(echo -n "machine-id:994013bf23864ee7992eab39a96dd3bb" | openssl dgst -hex -sha256 -r)"
 
     # And similar for the boot phase measurement into PCR 11
     tpm2_pcrread sha256:11 -Q -o /tmp/oldpcr11
@@ -276,10 +276,10 @@ if [[ -x "$SD_PCREXTEND" ]] && tpm_has_pcr sha256 11 && tpm_has_pcr sha256 15; t
         <(cat /tmp/oldpcr11 <(echo -n "foobar" | openssl dgst -binary -sha256) | openssl dgst -binary -sha256)
 
     # Check the event log for the 2nd record
-    jq --seq --slurp < /var/log/systemd/tpm2-measure.log
+    jq --seq --slurp < /run/log/systemd/tpm2-measure.log
 
-    test "$(jq --seq --slurp .[1].pcr < /var/log/systemd/tpm2-measure.log)" == "$(printf '\x1e11')"
-    test "$(jq --seq --slurp --raw-output .[1].digests[0].digest < /var/log/systemd/tpm2-measure.log) *stdin" == "$(echo -n "foobar" | openssl dgst -hex -sha256 -r)"
+    test "$(jq --seq --slurp .[1].pcr < /run/log/systemd/tpm2-measure.log)" == "$(printf '\x1e11')"
+    test "$(jq --seq --slurp --raw-output .[1].digests[0].digest < /run/log/systemd/tpm2-measure.log) *stdin" == "$(echo -n "foobar" | openssl dgst -hex -sha256 -r)"
 
     rm -f /tmp/oldpcr11 /tmp/newpcr11
 else