TransWikia.com

Is rsyslog a mandatory requirement in Linux with journald?

Unix & Linux Asked by aardbol on November 28, 2021

Note that this question is mainly about the openSUSE distro, but a general answer will also be appreciated.

Since journald can be used to do all the logging work (when forwardtosyslog option is disabled), I was wondering whether I still need rsyslog on my machine. Knowing I’ll be working mainly with binary log files from then on, I would certainly consider to use it as main log processor because it’s intelligent by itself, requires minimal configuration and maintenance and comes with a lot of built in features to filter logs.

The first thing I tried was see whether I could uninstall the rsyslog package: sudo zypper rm rsyslog. It didn’t complain. But that result usually isn’t something to rely on by itself.

Therefore my question: do you know if something would break if I removed rsyslog?

debianlogsopensusersyslogsystemd journald

2 Answers

Nothing would break except for the actual logs your rsyslog was gathering according to configured policies and some optional tools you might be using, like various logwatches (reporting), DenyHosts (blocking ssh attempts) etc. Also you won't be able to receive logs send by other hosts (UDP/514).

Remember, that journald does NOT have virtually any policies for the logs. You cannot split logs to separate files, which might have different permissions (access to specific logs for specified users), different retention policy (logrotate), there is no filtering (except for the thresholds, at which journald starts throttling all the entries in single bucket), so in case of some spamming your journald output will be useless ...and your possibly precious logs might be expired and automatically removed from the disk. You cannot send some parts of logs to remote machine (only systemd-journal-upload, which sends everything) and there are many other limits not existing in full-blown syslog servers.

If you don't use any of the above (which are must-have on servers), i.e. if you haven't configured anything extra but the defaults, you probably won't need syslog server.

Answered by Grzegorz Gosh on November 28, 2021

journald completely replaces rsyslog thus the latter is optional.

Answered by Artem S. Tashkinov on November 28, 2021

Add your own answers!

Ask a Question

Get help from others!

Recent Questions

Recent Answers

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP