diff --git a/cookbooks/promtail/setup.rb b/cookbooks/promtail/setup.rb
index 1ac3083..cdfee71 100644
--- a/cookbooks/promtail/setup.rb
+++ b/cookbooks/promtail/setup.rb
@@ -16,6 +16,8 @@ template '/etc/promtail/base.yaml' do
   mode '644'
 
   variables(HOSTNAME: HOSTNAME, LOKIENDPOINT: node['promtail']['lokiendpoint'])
+
+  notifies :restart, 'service[promtail-base]'
 end
 
 # Deploy the `systemd` configuration:
diff --git a/cookbooks/promtail/templates/etc/promtail/base.yaml b/cookbooks/promtail/templates/etc/promtail/base.yaml
index 3c7307d..d7f9b96 100644
--- a/cookbooks/promtail/templates/etc/promtail/base.yaml
+++ b/cookbooks/promtail/templates/etc/promtail/base.yaml
@@ -56,7 +56,7 @@ scrape_configs:
       labels:
         job: sshd
         hostname: <%= @HOSTNAME %>
-        level: warning
+        level: info
         __path__: /var/log/auth.log
 
     pipeline_stages:
@@ -184,3 +184,40 @@ scrape_configs:
 
         - output:
             source: message
+
+  - job_name: login
+    journal:
+      json: false
+      max_age: 12h
+      path: /var/log/journal
+      labels:
+        job: login
+        level: notice
+        hostname: <%= @HOSTNAME %>
+
+    relabel_configs:
+      - action: keep
+        regex: 'systemd-logind.service'
+        source_labels:
+        - __journal__systemd_unit
+
+  - job_name: systemd
+    journal:
+      json: false
+      max_age: 12h
+      path: /var/log/journal
+      labels:
+        job: systemd
+        level: info
+        hostname: <%= @HOSTNAME %>
+
+    relabel_configs:
+      - action: keep
+        regex: '.*\.service'
+        source_labels:
+        - __journal__systemd_unit
+
+      - action: drop
+        regex: '.*(cron|supervisor|ssh|promtail|local|grafana|motd|dnsmasq|snapd|logind).*'
+        source_labels:
+        - __journal__systemd_unit