Skip to content

💡 Feature: Add Systemd Journal (journalctl) Log Support #66

New issue
New issue
Open
Open
💡 Feature: Add Systemd Journal (journalctl) Log Support#66
Labels
App › CSFRelated to ConfigServer Security & FirewallType › FeatureFeature request
@Aetherinox

Description

@Aetherinox
Aetherinox
opened on Dec 7, 2025

Control Panel › Name

All

Category

🧱 Firewall / Security



About

Currently, CSF only supports traditional flat log files such as those provided by syslog and rsyslog. Modern systems using systemd rely on journald, which stores logs in a structured binary format accessed through journalctl. Because CSF/LFD cannot natively read from the systemd journal, important authentication and security events may be missed when no flat log files are present.

This request has been in discussion within the CSF community for quite some time, but has not been started yet.



Feature

This submission adds native journalctl/journald support so that CSF can monitor system logs directly on systems that no longer uses the classic flat log files.



Tasks

  • Base support for journald
  • Backwards compatibility for syslog/rsyslog flat log files
  • Ensure CSF can tail journald streams in real time
  • Add filtering for SSH, su, sudo, login, cPanel, DA, mail, and other event types
  • Add configuration switches in csf.conf (USE_JOURNALD = "1")

Screenshots

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    App › CSFRelated to ConfigServer Security & FirewallType › FeatureFeature request

    Projects

    ConfigServer Security & Firewall

    Status

    Queue

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions