On 13.12.23 21:58, Christopher Schultz wrote:
Thank you for your reply, but /var/log is basically empty (meaning very few files located there). journald has absorbed everything and files are no longer the way to get logs from systemd-based environments.
The only thing which contains non-trivial information is /var/log/journal/* which is a bunch of binary files.
My reply below shows how you can get the stunnel-related log messages. I don't believe they are available through any traditional text-based log file.
I don't know about Amazon Linux, but for Linux in general, that's not true. The "Red Hat way" (extending to Fedora, CentOS, Rocky, etc.), in particular, is to have journald pass all data to rsyslogd¹, which then deals with a) long-term plaintext file storage and b) forwarding to remote log servers, areas where journald is still not up to snuff AFAIK.
¹ Squashing the journald-ish structured data into the almost-entirely-flat olde syslog-style message format, of course.
Logically, RHELish distros still do run logrotate as well, and auditd logs directly to files in /var/log/audit/ (that it rotates itself), in spite of the OS being fully systemd based.
Kind regards,