Time is very important when centralizing logging. Think about how confusing it can be to look in a log file that features multiple hosts, and discover interspersed time jumps.

It can also make log parsing hard, as we can use specific timestamps to properly arrange data, and we could miss something critical if our remote box has the wrong time.

TLS and secure transport are also something to think about, as mentioned in the introduction to this section. You can configure systemd-journal-remote to listen on HTTPS, instead of HTTP, as long as you sort your certificates properly.

For syslog, TLS and encryption can be a bit trickier, but there are more solutions to consider, such as streaming log data over an SSH tunnel, or using ...