2

With systemd some things changed. So instead of tailing a specific file, I could now use journalctl to access the journal.

However, in /etc/systemd/journald.conf under [Journal] the option Storage=persistent seems to conflict with ForwardToSyslog=yes.

My intention here would be to enable the use of journalctl for the more recent events, say within a predefined period of a few days (e.g. MaxRetentionSec=1month) but also forward all events to my syslogd instance.

However, using journalctl -xe I can see that those messages that made it to syslogd definitely didn't make it to the persistent systemd journal.

How can I enable such a mode, i.e. to log into the persistent system journal and forward to syslogd?

# systemd --version
systemd 229
+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN
0xC0000022L
  • 16,593

1 Answers1

3

I'm not sure about your conclusion. Though I only have version 219, I see the same lines appearing in my /var/log/messages through syslog, as in the output of sudo journalctl --follow, for example when I do an ssh or logger -p kern.err abc or stop a service with systemctl.

I am using the default journald.conf of Storage=auto (which is similar to persistent when you have a directory /var/log/journal) and ForwardToSyslog=yes, with rsyslogd.

Note, you need to sudo journalctl to be able to read all the logs.

meuh
  • 51,383
  • 2
    You do not actually need to sudo. You need to be a member of the systemd-journal group. – JdeBP Dec 09 '17 at 18:55