You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The agent now collects system logs and streams them to the panel. It follows the
systemd journal (journalctl -f -o json), maps each entry to a service (unit) and a
level (from syslog priority), batches them and sends them to the backend, where they
appear under Logs in the dashboard (filterable by service and level). The backend
can narrow collection to specific units via the log_services config; empty means all.
Read-only journal access, no privilege escalation. The installer adds the
unprivileged auranode user to the systemd-journal group and sets SupplementaryGroups=systemd-journal on the service. This grants read access to
the journal only — the agent is still not root, keeps NoNewPrivileges, ProtectSystem=strict and an empty CapabilityBoundingSet. This is the standard
approach for monitoring agents.
Graceful when unavailable. On systems without journalctl (non-systemd) or
without journal access, the collector simply produces nothing — it never fails the
agent. To enable log collection on an existing install, re-run the installer
(curl … | sudo bash) so the group membership and updated unit are applied.
