On an Ubuntu 16.04 box, there is an issue where copying/forwarding journal messages to /var/log/syslog seems to be delayed:
theuser@host:/etc/systemd$ sudo journalctl -n 1 && sudo tail -n 1 /var/log/syslog
-- Logs begin at Wed 2018-12-12 09:52:03 CST, end at Fri 2018-12-14 08:41:20 CST. --
Dec 14 08:41:20 host sudo[26760]: pam_unix(sudo:session): session opened for user root by theuser(uid=0)
Dec 14 07:40:12 host sudo[2574]: * Log message truncated *
I confirmed that /etc/systemd/journald.conf did not set ForwardToSyslog=no (the default value of yes is presumably being used).
The problem appears sporadic and usually seems to be resolved by a reboot, but I was hoping to get some suggestions on what to check / what might be causing this, so I could look into a system where the problem is occurring.
Another probably relevant piece of information is that I use rsyslog to forward the logs in /var/log/syslog to an external log aggregation service.
Any tips on what to look for?
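
An added example, not part of the original post: one way to turn the manual comparison above into a repeatable check is to compute how far the newest /var/log/syslog entry trails the newest journal entry. The sample lines are constructed from the timestamps in the question; the function names and the 60-second threshold are assumptions.

```python
"""Measure how far /var/log/syslog lags behind the systemd journal."""
from datetime import datetime, timedelta

STAMP_LEN = len("Dec 14 08:41:20")  # classic syslog timestamp, carries no year

# Constructed sample lines, shaped like the last line printed by
# `journalctl -n 1` and `tail -n 1 /var/log/syslog` in the question.
JOURNAL_LINE = "Dec 14 08:41:20 host sudo[26760]: pam_unix(sudo:session): session opened"
SYSLOG_LINE = "Dec 14 07:40:12 host sudo[2574]: (message truncated)"


def parse_stamp(line, year):
    """Parse the leading 'Mon DD HH:MM:SS' of a short-format log line."""
    return datetime.strptime(f"{year} {line[:STAMP_LEN]}", "%Y %b %d %H:%M:%S")


def forwarding_lag(journal_line, syslog_line, year):
    """Seconds by which the newest syslog entry trails the newest journal entry."""
    newest_journal = parse_stamp(journal_line, year)
    newest_syslog = parse_stamp(syslog_line, year)
    if newest_syslog > newest_journal + timedelta(days=180):
        # The syslog entry was written before a New Year rollover.
        newest_syslog = newest_syslog.replace(year=year - 1)
    return (newest_journal - newest_syslog).total_seconds()


def check(journal_line, syslog_line, year, max_lag=60):
    """Return a one-line status; max_lag (seconds) is an assumed threshold."""
    lag = forwarding_lag(journal_line, syslog_line, year)
    if lag > max_lag:
        return f"STALLED: syslog is {lag:.0f}s behind the journal"
    return f"OK: lag {lag:.0f}s"


if __name__ == "__main__":
    print(check(JOURNAL_LINE, SYSLOG_LINE, 2018))
```

Run periodically on a host, a STALLED result marks the window in which events exist in the journal but have not yet reached rsyslog or the external aggregator.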