Systemd Journal
The agent can collect logs directly from systemd-journal, providing visibility into system services, daemons, and kernel messages.
How it works
The agent uses the journald collector to read logs from the systemd-journal.
These logs include messages from system services, critical errors, warnings, and other structured events that are not written to plain text log files.
Access requirements
By default, the simob-agent system service is granted read access to journal files through system-wide capabilities.
These capabilities allow the agent to access journal entries without needing to be in the systemd-journal group.
If this capability-based access is disabled (for example, when using the --no-system-read installation flag), journald log
collection will not work unless the agent user has explicit group permissions.
Verify and manage group membership
If you have disabled capability-based access, ensure that the simob-agent user is part of the systemd-journal group.
To verify:
If systemd-journal is not listed, add the user manually: