Does anyone have experience with what is reflected in the subject question (Journalctl logs)?
I must copy the security log with Fedora Journalctl.
But which side to approach him, I do not know yet
systemd will send events to syslog. Which should write out to /var/log/..
rsyslog appears to have a listener configured (on centos at least) in
I guess you will need to restart the service
systemctl restart systemd-journald
your biggest trouble here is the binary format of the
journalctl logs. Quick and dirty solutions would be:
journalctl -finto a log file and monitor that in Splunk
ncatto send journalctl output directly into Splunk
Hope this helps ...
Yes, both options are not perfect, but it seems if there is no other choice on them have to stop.
Now looking information whether it is possible simultaneously to configure logging to files (similar secure.log)