The Flow of Logs on Linux

graph TB kernel[kernel logs] -->|/proc/kmsg|klogd dev-log[/dev/log] --> systemd-journal systemd-journal --> rsyslogd klogd --> rsyslogd[rsyslogd] app[user application] --> | libc|dev-log app --> |UDP/TCP 514|rsyslogd rsyslogd --> log-files log-files --> logrotate logrotate --> log-1 logrotate --> log-2 logrotate --> log-3