I have attempted to use systemd-journald as a centralized log collector, it works fine and the interface provided by journalctl is very convenient to quickly find things, following logs and other things.
But I quickly discovered the performance implications of doing so, as when the journal gets over a certain size, it practically ceases to function. See https://github.com/systemd/systemd/issues/2460 for details. This makes rsyslog's omjournal, and systemd-journal-remote basically useless, right? So, serious question, can the journal be migrated to a better (indexed?) database format, for example SQLite? - if no, why not? - if yes, what would a migration path look like? - - Implementation bikeshed question, 1 giant db file, or 1 db file per day/hour/gb/tb? I mentioned SQLite as an example of one that could be used, not sure if the Public Domain license it has would be a problem though. ~ Gunnar
