If I’m using Arch or another minimal distro, is it a good idea to install a syslog daemon? Or can I go without?
You dont need syslog. Journald is good enough for most systems.
I also don’t like the duplication of logs in journald and syslog, so I always disable forwarding to syslog
Whatever floats your boat, but if something goes wrong you don’t really have anything to figure out what’s going on.
It’s not necessary, but a good thing to have if something goes wrong and you want to debug/monitor something. It’s really up to you and your needs.
It’s often more useful for minimal installations to keep the system log daemon running so that you can see when things happen and stop them from happening.
Especially now that even very low power embedded systems run multiple cpu cores at multi-ghz clocks, interface with gigabytes of memory, hundreds of gigabytes of attached storage and communicate through multi-gigabit network links, lots of stuff can be happening that is unwanted or simply unnecessary without any external indications.
What are you trying to accomplish by not running a syslog daemon?
wish I knew how to use the journal, seems like there isn’t any good way to just search the previous session’s logs without a mountain of fuss or having to guess file names
Check that you actually have persistent storage enabled. (See
man journald.conf
and search forStorage
)Read up on the numerous parameters to journalctl. (
man journalctl
)journalctl --boot -2
will show logs from previous boot.journalctl --since "-2 weeks" --unit=sshd
last two weeks worth of sshd logs.
If you’re on arch you use redhat’s garbage. On non-corpo linux syslog can be disabled if you want, though I’d prefer to just symlink/mount /var/log to a memory filesystem instead.
On non-corpo linux syslog can be disabled
systemctl disable --now systemd-journald
I’d prefer to just symlink/mount /var/log to a memory filesystem instead
Set
Storage=volatile
in/etc/systemd/journald.conf
Like how you cropped my message to make it seem like I was implying you couldn’t disable logging on systemd
Then what’s the meaning of this whole part?
On non-corpo linux syslog can be disabled if you want, though I’d prefer to just symlink/mount /var/log to a memory filesystem instead.
Is it just a random tidbit that could be replaced with a blueberry muffin recipe without any change of meaning of the whole comment? Because it sure won’t help OP at all with their Arch-specific question, so it’s either that, or it provides contrast to the “corpo Linux”, which is how I interpreted it.
And here’s the remaining part of your comment I left out, just to make sure people won’t lose the context between two three sentence long comments (for those without any attention span, it comes before the previous quoted part):
If you’re on arch you use redhat’s garbage.