Debian 12 has stopped writing system logs to traditional log files and now only uses journald by default (see release notes).
This makes the system module unable to ingest data because it expects to read direct from files.
We need to find the best way to detect the whether files or journald is used to store the system logs and configure the correct input (log/filestream or journald).
There is a similar issue in the integrations repository to handle the System Integration for Elastic-Agent: elastic/integrations#10797
Debian 12 has stopped writing system logs to traditional log files and now only uses journald by default (see release notes).
This makes the system module unable to ingest data because it expects to read direct from files.
We need to find the best way to detect the whether files or journald is used to store the system logs and configure the correct input (log/filestream or journald).
There is a similar issue in the integrations repository to handle the System Integration for Elastic-Agent: elastic/integrations#10797