I'm discovering that syslog(-ng) has actually been replaced by systemd-journal, yet it still writes out log messages to /var/log/messages as syslog did for compatibility.

As we are starting to use Splunk, this will work for us. But I was wondering if SUSE is planning on changing this in the future? They seem to like to change things without warning.

Another question I have: is it possible to modify or customize the log entries for logins so they are easily recognizable, and perhaps add additional information like where a user logged in from (IP, hostname, etc.)?