Jóhann> Right but you are going against downstream distribution policy and
Jóhann> unwilling yourself ( or have the consumer of the syslog-ng package do
Jóhann> that ) to change the default manually ( via journald.conf ) or
Jóhann> advocate for that change ( which would be simply advocating for
Jóhann> following upstream ).

As I said, changing the default is not my decision. That belongs to the
systemd package. A local administrator can, of course, override it.

But from the syslog-ng package, I am not allowed to touch another
package's config file. I could drop a snippet to journald.conf.d/, if it
were supported, and that would be the ideal solution.

Jóhann> If you are the syslog-ng maintainer in Debian then I guess you will
Jóhann> have to introduce conflicts with other sysloggers in other components
Jóhann> and have them remove the default syslogger ( assuming the journal has
Jóhann> not been made the default yet in Debian and something like rsyslog is
Jóhann> ) because if you go the snipped route you would overwrite the default
Jóhann> thus break rsyslog ( and others if they exist ) in the
Jóhann> process.

The syslogds already conflict with each other, so this part is covered.

Jóhann> What is Jessie using 215? if so you are probably stuck with 215 for
Jóhann> the reminder of Jessie which requires you to convince the Debian
Jóhann> systemd maintainers to backport the relevant patch(es) to make that
Jóhann> work.

Yep, but Jessie has syslog-ng 3.5, which uses the forwarder. (3.6 is
only in experimental, so plenty of time and opportunity to solve this
issue).

Jóhann> Does Debian have two syslog-ng components one tweak for journal as in
Jóhann> uses systemd-journal() along with filters and default journal tweaked
Jóhann> send declaration and another one that is tweaked for $other systemd
Jóhann> init systems since there are more tweaks than just systemd-journal()
Jóhann> which should be made as an default in that process?

That would be an option, but I'd rather have one component that
auto-detects what to use. One thing I've been discussing with syslog-ng
upstream is to use the forwarder if available, but emit a warning that
suggests turning it off, and using the native journal source. At least
until we can drop a snippet in journald.conf.d/.

Anyhow, possible solutions were found, thanks everyone for the swift
help and suggestions!

Martin> So we either need the journal.conf.d/ feature and have journal-pulling
Martin> sysloggers disable forwarding along the way, or we need to wait until
Martin> all packaged sysloggers can read from the journal before we turn off
Martin> forwarding by default.

For what its worth, syslog-ng upstream suggested another solution, that
appears to fix the issue (but I've yet to test it myself): if the
syslog-ng.service file does *not* Require=syslog.socket, then the
syslog.socket does not get started, and if it doesn't get started, the
journal will not do forwarding, either, and thus, the error messages
disappear too.

If this works (and I was assured it does), then no change is neccessary
in systemd itself, and I can trivially patch up the syslog-ng.service
file.

On Fedora all loggers apparently read from the journal directly now,
to my knowledge. So the code at least is there.

Lennart

Lennart> "other syslogds"? Which ones just out of curiosity? If both syslog-ng
Lennart> and rsyslog can now read directly from the journal I wonder what other
Lennart> syslog implementation debian wants to support there...

There's a handful of syslogds, including busybox-syslogd, and the
ancient sysklogd, among other things. Furthermore, we want to support
upgrades that continue running sysvinit, so we can't make the journal
reader default (unless the syslogd can - like syslog-ng - figure out
which one to use at run time). (iirc the default rsyslog.conf uses
/dev/log, and rsyslog translates that to /run/systemd/journal/syslog if
it detects systemd, thus preserving compatibility.)