Turn off syslog
We use systemd-journald on our machines to ship logs to logstash. We also have a syslog daemon active to write to logfiles, sometimes triplicating the messages (/var/log/kern.log, /var/log/messages, /var/log/syslog).
As logging is a non-critical infrastructure, and we go to great lengths to make sure all logs are synced to elasticsearch using journalbeat, we should be fine turning off syslog on our machines.
Migrated from T790 (view on Phabricator)