RHCSA – Rsyslogd and Journald

In RHEL7 there are 3 main systems for capturing logs:

  • rsyslogd – Running processes/services usually send log messages to rsyslogd, which in turn usually writes them into log files in /var/log/…
  • journald – This system is relatively new and came as part of systemd. It logs all information that it receives from systemd. For example if systemd fails to startup a process, then this failure will get logged via journald. It actually logs all the same messages that rsyslogd logs.
  • Write directly to a file. For example the apache software writes directly to log files, although it can be configured to pass log messages to rsyslogd instead. It’s best to use rsyslog where possible for better consistency.