Journal logs
The agent collects logs directly from systemd-journal, providing visibility into system services, daemons, and kernel messages. This captures critical system events and service logs that are not written to standard log files.
Setup
Journal monitoring is enabled by default on systems using systemd. The agent automatically detects the journalctl binary and verifies execution permissions upon startup. By default, it uses system capabilities to read entries; if these are restricted, ensure the simob-agent user is part of the systemd-journal group.
Expected log format
The collector uses the journalctl -o json output format to retrieve structured entries. No manual log formatting is required as the agent interacts directly with the systemd API.
Configuration
Journal collection is enabled by default. The agent tails the journal for new entries and streams them to your dashboard. No additional configuration is required.
Logs
The agent extracts structured metadata from each journal entry to provide granular filtering:
Labels
| Label | Description | Example / Values |
|---|---|---|
| priority | The log severity level. | error, warning, info, debug |
| identifier | The process or service that generated the log. | nginx, kernel, sshd |
| source | Identifies the origin collector. | journalctl |
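
The following is an added example, not the agent's own code, showing how the three labels above can be derived from `journalctl -o json` lines, including the cases where journalctl emits a field as `null` or as an array of byte values. The function names, the `_COMM` fallback, the priority names beyond those in the table, and the sample lines are assumptions made for this example.

```python
import json

# journald stores syslog severity 0-7 as a string in PRIORITY. Names for the
# levels the table does not list are an assumption of this example.
PRIORITY_NAMES = {"0": "emergency", "1": "alert", "2": "critical", "3": "error",
                  "4": "warning", "5": "notice", "6": "info", "7": "debug"}


def field_text(value):
    """Normalise one journal JSON field to str, or None when absent."""
    if value is None:              # journalctl emits null for oversized fields
        return None
    if isinstance(value, list):
        # Non-UTF-8 / non-printable data arrives as an array of byte values.
        if value and all(isinstance(b, int) and 0 <= b <= 255 for b in value):
            return bytes(value).decode("utf-8", errors="replace")
        # A field set more than once arrives as an array of values.
        return field_text(value[0]) if value else None
    return str(value)


def labels_for(line):
    """Return (labels, message) for one journalctl -o json line, None if malformed."""
    try:
        entry = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(entry, dict):
        return None
    # SYSLOG_IDENTIFIER is supplied by the logging process; _COMM is added by
    # journald itself. Falling back to _COMM is an assumption of this example.
    identifier = (field_text(entry.get("SYSLOG_IDENTIFIER"))
                  or field_text(entry.get("_COMM")) or "unknown")
    priority = PRIORITY_NAMES.get(field_text(entry.get("PRIORITY")), "unknown")
    labels = {"priority": priority, "identifier": identifier, "source": "journalctl"}
    return labels, field_text(entry.get("MESSAGE"))


# Constructed sample lines, not real journal output.
SAMPLE = [
    '{"PRIORITY":"3","SYSLOG_IDENTIFIER":"nginx","MESSAGE":"upstream timed out"}',
    '{"PRIORITY":"6","SYSLOG_IDENTIFIER":"sshd","MESSAGE":[108,111,103,105,110,32,255]}',
    '{"PRIORITY":"4","_COMM":"cron","MESSAGE":null}',
    'not json',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(labels_for(raw))
```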
Troubleshooting
Verify group membership
If journal logs are not appearing and system capabilities are disabled, ensure the simob-agent user is part of the systemd-journal group:
groups simob-agent
If the group is missing, add it manually:
sudo usermod -aG systemd-journal simob-agent