Debian 12 logging change and my syslog project
Picking back up from my technical posting on configuring centralized syslog, this is what my logging directory looks like in Debian 12 (Bookworm). Things have gotten interesting since the last time I started a syslog project.
root@syslog01:/var/log# ls
README            cloud-init-output.log     exim4    runit
alternatives.log  cloud-init.log            journal  unattended-upgrades
apt               dpkg.log                  lastlog  wtmp
btmp              droplet-agent.update.log  private
Well, it looks like a lot of things have changed in the logging world since Debian 9. I know people have had their political arguments over time, but it looks like systemd has finally taken over logging as well. I have never really had a dog in the fight and just kind of took to systemd as it took over the Linux world. Here is the README content.
root@syslog01:/var/log# less README

You are looking for the traditional text log files in /var/log, and they are gone?

Here's an explanation on what's going on:

You are running a systemd-based OS where traditional syslog has been replaced with the Journal. The journal stores the same (and more) information as classic syslog. To make use of the journal and access the collected log data simply invoke "journalctl", which will output the logs in the identical text-based format the syslog files in /var/log used to be. For further details, please refer to journalctl(1).

Alternatively, consider installing one of the traditional syslog implementations available for your distribution, which will generate the classic log files for you. Syslog implementations such as syslog-ng or rsyslog may be installed side-by-side with the journal and will continue to function the way they always did.

Thank you!

Further reading:
    man:journalctl(1)
    man:systemd-journald.service(8)
    man:journald.conf(5)
    https://0pointer.de/blog/projects/the-journal.html

README (END)
Now, after some reading, I believe I will keep using rsyslog or syslog-ng (the debate will rage on during this project). I think some users have legit concerns with corruption and journald.