In this lesson, we explore centralized logging using journald on Ubuntu and preview Loki and Promtail for aggregating logs across multiple machines.
Configuring Persistent journald
By default, journald stores logs in volatile memory. To ensure logs survive reboots, enable persistent storage:
sudo mkdir -p /var/log/journal
sudo systemctl restart systemd-journald
Log Retention Planning
Set log retention policies in /etc/systemd/journald.conf:
MaxRetentionSec=1month
SystemMaxUse=1G
Introducing Loki and Promtail
Loki is a horizontally-scalable, highly available log aggregation system. Promtail is an agent that ships logs from journald to Loki.
Preview setup:
- Install Loki and Promtail.
- Configure Promtail to read from journald.
- Send logs to Loki for querying via Grafana.
This foundation sets the stage for full observability in later lessons.