With systemd some things changed. So instead of tailing a specific file, I could now use journalctl to access the journal.

However, in /etc/systemd/journald.conf under [Journal] the option Storage=persistent seems to conflict with ForwardToSyslog=yes.

My intention here would be to enable the use of journalctl for the more recent events, say within a predefined period of a few days (e.g. MaxRetentionSec=1month) but also forward all events to my syslogd instance.

However, using journalctl -xe I can see that those messages that made it to syslogd definitely didn't make it to the persistent systemd journal.

How can I enable such a mode, i.e. to log into the persistent system journal and forward to syslogd?

# systemd --version
systemd 229
+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN

1 Answer

I'm not sure about your conclusion. Though I only have version 219, I see the same lines appearing in my /var/log/messages through syslog, as in the output of sudo journalctl --follow, for example when I do an ssh or logger -p kern.err abc or stop a service with systemctl.

I am using the default journald.conf of Storage=auto (which is similar to persistent when you have a directory /var/log/journal) and ForwardToSyslog=yes, with rsyslogd.

Note, you need to sudo journalctl to be able to read all the logs.

    You do not actually need to sudo. You need to be a member of the systemd-journal group. Commented Dec 9, 2017 at 18:55
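
Added example, not part of the original question or answer: a shell check that a journald.conf requests both an on-disk journal and forwarding to syslog, plus a live marker test that looks for one message in both sinks. The helper names are hypothetical, only the single file passed in is read (drop-in directories are ignored), and an unset ForwardToSyslog is treated as disabled, which is an assumption.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample config is constructed.

# journald_opt FILE KEY -> last value assigned to KEY under [Journal]
journald_opt() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_j = ($0 ~ /^[ \t]*\[Journal\]/); next }
        in_j {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            if (kv[1] == key) val = kv[2]   # "#Storage" never equals "Storage"
        }
        END { print val }' "$1"
}

# check_dual_logging CONF JOURNAL_DIR -> 0 if journal is on disk AND forwarded
check_dual_logging() {
    storage=$(journald_opt "$1" Storage)
    forward=$(journald_opt "$1" ForwardToSyslog)
    case "${storage:-auto}" in          # unset Storage means auto
        persistent) ;;
        auto) [ -d "$2" ] || { echo "Storage=auto but $2 is missing"; return 1; } ;;
        *) echo "Storage=$storage keeps no persistent journal"; return 1 ;;
    esac
    case "$forward" in
        yes|true|on|1) ;;
        # Assumption: unset counts as disabled; the built-in default differs by build.
        *) echo "ForwardToSyslog is not enabled in $1"; return 1 ;;
    esac
    echo "on-disk journal and syslog forwarding are both configured"
}

# marker_in_both SYSLOG_FILE -> live check; needs journald, syslogd and read
# access to the journal (root or the systemd-journal group).
marker_in_both() {
    tag="dualcheck-$$-$(date +%s)"
    logger -t "$tag" -p user.notice "journald/syslog forwarding test"
    sleep 2
    journalctl -q --no-pager -t "$tag" | grep -q . || { echo "not in journal"; return 1; }
    grep -q "$tag" "$1" || { echo "not in $1"; return 1; }
    echo "marker $tag found in journal and $1"
}

# Constructed sample config, checked offline (no running systemd needed).
sample=$(mktemp)
printf '[Journal]\nStorage=persistent\nForwardToSyslog=yes\nMaxRetentionSec=1month\n' > "$sample"
check_dual_logging "$sample" /var/log/journal
rm -f "$sample"
```

On a live host, `check_dual_logging /etc/systemd/journald.conf /var/log/journal` followed by `marker_in_both /var/log/messages` covers both the configuration and the observed behaviour.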
