On many of the systems I deal with nowadays, having rsyslog (or some equivalent syslog daemon) installed is not really needed any more, because the system is already running systemd-journald. So I would like to get rid of rsyslog, thereby saving log storage space and log I/O-activity.
However, I like Checkmk’s logwatch, but logwatch currently is not able to pull messages from journald, as far as I can tell.
Has someone found a way to have logwatch pull messages from journald instead of pulling messages from syslog files?