I'm running EndeavourOS and I noticed both rsyslogd and journald are active on my system. Since I'm seeing duplicate log entries and journald has better parsing options, I'm wondering if I can safely disable rsyslogd. I don't require centralized logging and would prefer to cut down on the redundancy. Is there anything important I should consider before making this choice? Also, could someone provide an example showing how both logging systems can be used and share what the rsyslog.conf and journald.conf files look like?
2 Answers
Yeah, you can disable rsyslogd if journald meets your needs! EndeavourOS, being Arch-based, gives you a lot of flexibility. Both rsyslogd and journald come enabled by default for compatibility with older apps that expect certain log files in `/var/log/`. If you’re not utilizing features like remote logging or any software that requires logs in `/var/log/syslog`, it’s fine to turn off rsyslogd. Just make sure you have journald configured to keep logs persistently.
To answer your other queries, if you're unsure about software that looks for `/var/log/messages` or `/var/log/syslog`, think of older applications or services that might need to check those files for logs. Compliance software usually refers to tools ensuring that your systems follow regulations—important for anyone considering a sysadmin career. It's great that you have journald persistence enabled; that will help maintain your logs even after a reboot.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures