Where are applications default send logs (systemd-journald or rsyslog)?

Hi,

I trust I understand the difference between systemd-journald and rsyslog.

What is confusing for me is where are applications default send logs in Fedora/RHEL8?

Are applications sending logs to journal and next journal sends them to rsyslog? Or rsyslog capture them from journal?

OR

In the opposite way, are applications sending logs to rsyslog and the next rsyslog sends them to journal? Or journal capture them from rsyslog?

And finally, are all logs in both log systems (in binary files of journal and in /var/log files)?

Thanks

2 Likes

You can set it up in different ways, but the basic setup is: the systemd journal owns the logging interface, and if you have rsyslog installed, it gets logs forwarded from there.

So, in the case of using both systems (journal and rsyslog) and using the standard logging interface do all logs store in both systems?

I do not take into account applications that send logs outside the standard logging interface.

Depends on the configuration, but — yes, it’s redundant. You can make it so the journal doesn’t store to disk if you want.

The rsyslog format is plain text, which has some obvious advantages, but the journal format is richer — it knows what fields are which, for example.

This doc explains the inner workings of logging and its storage.

https://docs.fedoraproject.org/en-US/fedora/f35/system-administrators-guide/monitoring-and-automation/Viewing_and_Managing_Log_Files/

1 Like