Does this differentiate between errors and non-errors? Usually journald add some metadata if output goes to stdout vs stderr. I think journald logging is better then our current log files since we do not have log-rotating in place. There are some people that migh rely on some externals tools that parse log files so a release note will be required.
We are using nginx quite a bit but that all goes to the journal. I have just checked a handful of servers and none of them have anything outside the journal.
That being said, I’m a huge fan of the principle of least surprise, and if we are shipping services that by default or in their typical usecases outside of the default write logs directly to disk, we definitely should ship sane defaults for log rotation.
That sounds like a fine solution too. Obviously there is high value in keeping things consistent, and pretty much everything else logs to journald so that makes sense.
The only exceptions would be rsyslog and syslog-ng. Would you see a problem with having those services add automatic rotation?
We are using nginx quite a bit but that all goes to the journal. I have just checked a handful of servers and none of them have anything outside the journal.
One thing about journald though: it throws away log lines when the throughput is too high. If people want to do accounting on the logs that won’t work, so it should be optional (but maybe on by default)
Here’s an alternative configuration which logs to journald for all virtualhosts.
I also log errors to stderr rather than syslog, because it feels simpler (one fewer piece involved on the way to journald?). I don’t know if this has any practical consequences though.
Logging to stdout isn’t available for the access_log directive, sadly.
This is a very important point.
People may run with the assumption that nginx logs are always complete (as it was in the past).
If nginx suddenly started swallowing logs like systemd does, I’d certainly be very upset, as they are even more business-critical than normal system logs.
that is by default. Journald can be configured to not rate limit jobs, however malicious users may abuse this in certain ways. How To Change Log Rate Limiting In Linux
rsyslog has a rate limiting feature as well, however it is not enabled by default