by andor 4574 days ago
It's not a direct replacement. Journald does stuff that syslog can't do, but it doesn't reimplement everything. Instead, you can pipe to syslog if you want syslog features.

- Journald logs the whole boot process

- Journald can make sure that an item really came from some process. It also tries to seal the journal so that it can't be tampered with.

- It's built into the other systemd tools. For example, when you notice a daemon doesn't start through systemctl, it'll show you the error messages in systemctl status.

2 comments

Note that the second point is quite important -- it provides a rolling hash of the journal contents that you can send to another machine, so that in the event of a break-in, you can detect any tampering with the syslogs. As I recall, this was inspired by the break-in to the kernel.org servers, where the attacker tampered with the log files. That would be impossible with journald.
There are syslog daemons that can provide cryptographic security as well. Alternatively, they can also log directly to an SQL database, use SSL client certificates, etc. Modern syslog daemons are quite powerful.
Yeah, but journald works even on plain stdout, stderr. It's hard to beat that.
It also provides a pretty sensible API for walking through the log from programs.

http://www.freedesktop.org/software/systemd/man/sd-journal.h...
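
The sealing idea discussed in the thread above, as an added example that is not part of any comment and is not journald's own code or on-disk format: a simplified model in which each epoch of log lines gets a chained HMAC tag and the signing key is evolved one-way, so a key taken from the host later cannot re-seal earlier epochs. The function names, the SHA-256 key evolution and the sample log lines are assumptions made for illustration.

```python
import hashlib
import hmac

SAMPLE = [  # constructed log lines, not taken from any real system
    b"sshd[811]: Accepted publickey for alice",
    b"sudo[902]: alice : COMMAND=/bin/ls",
    b"sshd[950]: Accepted password for root",
    b"cron[991]: (root) CMD (run-parts)",
]
START_KEY = hashlib.sha256(b"constructed demo secret").digest()  # kept off-host

def evolve(key: bytes) -> bytes:
    """One-way key update: the previous key cannot be derived from the result."""
    return hashlib.sha256(b"evolve" + key).digest()

def seal(entries, start_key: bytes, epoch_size: int = 2):
    """Return (tags, next_key): one HMAC tag per epoch, each chained to the last."""
    key, prev, tags = start_key, b"\x00" * 32, []
    for i in range(0, len(entries), epoch_size):
        mac = hmac.new(key, prev, hashlib.sha256)
        for line in entries[i:i + epoch_size]:
            mac.update(len(line).to_bytes(4, "big") + line)  # length-prefix each line
        prev = mac.digest()
        tags.append(prev)
        key = evolve(key)  # the logging host retains only the evolved key
    return tags, key

def verify(entries, tags, start_key: bytes, epoch_size: int = 2):
    """Return the index of the first epoch that fails verification, or None."""
    expected, _ = seal(entries, start_key, epoch_size)
    for n, (a, b) in enumerate(zip(expected, tags)):
        if not hmac.compare_digest(a, b):
            return n
    if len(expected) != len(tags):
        return min(len(expected), len(tags))  # epochs missing or appended
    return None

def demo():
    """Seal the sample, then check an altered copy against old and re-made tags."""
    tags, host_key = seal(SAMPLE, START_KEY)
    tampered = list(SAMPLE)
    del tampered[2]  # a line from the second epoch goes missing
    forged, _ = seal(tampered, host_key)  # re-sealed with the key left on the host
    return (verify(SAMPLE, tags, START_KEY), verify(tampered, tags, START_KEY),
            verify(tampered, forged, START_KEY))

if __name__ == "__main__":
    print(demo())
```

The verifier needs only the starting key and the tags, which is why copying the tags to another machine makes after-the-fact edits detectable.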