Configuring system logging without journald
Red Hat Enterprise Linux offers two logging solutions - systemd-journald and rsyslog - which can coexist in default configurations. For performance-critical use cases, data throughput and memory consumption of this setup are not optimal.
You can choose to run rsyslog in the socket-only mode to mitigate this. This way has performance benefits, however, it includes losing journald formatting as log messages are in plain text. For this reason, if you need to have access to structured systemd logs and you use their metadata, this is not a solution for your scenario.
-
Edit the
/etc/rsyslog.confrsyslog configuration file; turn on use of imuxsock local messages, comment out the loading of the imjournal module and uncomment the loading of the imklog module:module(load="imuxsock" # provides support for local system logging (e.g. via the logger command) SysSock.Use="on") # module(load="imjournal" # provides access to the systemd journal # StateFile="imjournal.state") # file to store the position in the journal module(load="imklog") # reads kernel messages (the same are read from journald) -
Edit the journald configuration at
/etc/systemd/journald.conf; switch journal to in-memory only mode and enable forwarding:[Journal] Storage=none ForwardToSyslog=yes -
Create drop-in for the rsyslog unit configuration file at
/etc/systemd/system/rsyslog.service.d/logging.confwith the following content to ensure socket creation and linking:# https://access.redhat.com/articles/4058681 [Unit] Requires=syslog.socket [Install] Alias=syslog.service -
Reboot the system to apply the changes
Comments