I have noticed log messages are duplicated in journald and /var/log/messages on my CentOS 7 system. At first I thought it was the journald option ForwardToSyslog (which defaults to 'yes' in the installed version) which caused this behavior, but setting it to 'no' did not make a difference.
Obviously if I stop the rsyslog service the logging to /var/log/messages (and probably some other logs stop, but what I worry about when I do this if rsyslog is logging things that journald are not.
Is rsyslog only logging whatever it reads from journald or is it logging other things as well?
Extract from /etc/rsyslog.conf:
# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
...
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
Best Answer
From Red hat documentation, using the journal
From Red had documentation, rsyslog journal interaction
From Red hat documentation, journal storage
Based on this I would say that rsyslog is redundant if journald persistent storage is enabled and there are no applications that depend on the specific files and format produced by rsyslog, the content is the same.