In the syslogd configuration, you can arrange to have specific retention 
factors for a given class of information.

AKA, I can have all kernel messages go to a specific file and that file can 
have a retention/rotation specified by size or date

For example, I can ensure I have 90 days of data for 'authpriv' level syslog 
data, if audit requires it. And that data would ONLY include 'authpriv' level 
data.

I don't see any options in journald to limit the scope for 'system' journal 
data, when configured to be persistent.

Are there any configuration options (or options in plan for the future) that 
will allow me to split this level of data into different managed storage with 
its own retention polices, much like how syslogd currently allows?

The long term goal in this case is to deprecate syslogd for audit record 
retention (among other uses).


Scott Fields

Kyndryl

Senior Lead SRE – BNSF

817-593-5038 (BNSF)

scott.fie...@kyndryl.com<mailto:scott.fie...@kyndryl.com>

scott.fie...@bnsf.com<mailto:scott.fie...@bnsf.com>


Reply via email to