diff --git a/ChangeLog b/ChangeLog
index 2f5a158b..08708a08 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -34,6 +34,8 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released
 (Thanks M. Maraun)
 * Added check against atacker's Googlebot PTR fake records
 (Thanks Pablo Rodriguez Fernandez)
+ * Add *_backend options for services to allow distros to set the default
+ backend per service, set default to systemd for Fedora as appropriate
 ver. 0.9.3 (2015/08/01) - lets-all-stay-friends
 ----------
diff --git a/config/jail.conf b/config/jail.conf
index 7500f4ff..36fe6bcf 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -216,6 +216,7 @@ action = %(action_)s
 port = ssh
 logpath = %(sshd_log)s
+backend = %(sshd_backend)s
 [sshd-ddos]
@@ -224,12 +225,14 @@ logpath = %(sshd_log)s
 # in the body.
 port = ssh
 logpath = %(sshd_log)s
+backend = %(sshd_backend)s
 [dropbear]
 port = ssh
 logpath = %(dropbear_log)s
+backend = %(dropbear_backend)s
 [selinux-ssh]
@@ -393,6 +396,7 @@ maxretry = 5
 port = http,https
 logpath = %(syslog_daemon)s
+backend = %(syslog_backend)s
 [guacamole]
@@ -410,12 +414,14 @@ logpath = /var/log/monit
 port = 10000
 logpath = %(syslog_authpriv)s
+backend = %(syslog_backend)s
 [froxlor-auth]
 port = http,https
 logpath = %(syslog_authpriv)s
+backend = %(syslog_backend)s
 #
@@ -444,12 +450,14 @@ logpath = /var/log/3proxy.log
 port = ftp,ftp-data,ftps,ftps-data
 logpath = %(proftpd_log)s
+backend = %(proftpd_backend)s
 [pure-ftpd]
 port = ftp,ftp-data,ftps,ftps-data
 logpath = %(pureftpd_log)s
+backend = %(pureftpd_backend)s
 maxretry = 6
@@ -457,6 +465,7 @@ maxretry = 6
 port = ftp,ftp-data,ftps,ftps-data
 logpath = %(syslog_daemon)s
+backend = %(syslog_backend)s
 maxretry = 6
@@ -464,6 +473,7 @@ maxretry = 6
 port = ftp,ftp-data,ftps,ftps-data
 logpath = %(wuftpd_log)s
+backend = %(wuftpd_backend)s
 maxretry = 6
@@ -491,18 +501,21 @@ logpath = /root/path/to/assp/logs/maillog.txt
 port = smtp,465,submission
 logpath = %(syslog_mail)s
+backend = %(syslog_backend)s
 [postfix]
 port = smtp,465,submission
 logpath = %(postfix_log)s
+backend = %(postfix_backend)s
 [postfix-rbl]
 port = smtp,465,submission
-logpath = %(syslog_mail)s
+logpath = %(postfix_mail)s
+backend = %(postfix_backend)s
 maxretry = 1
@@ -510,12 +523,14 @@ maxretry = 1
 port = submission,465,smtp
 logpath = %(syslog_mail)s
+backend = %(syslog_backend)s
 [sendmail-reject]
 port = smtp,465,submission
 logpath = %(syslog_mail)s
+backend = %(syslog_backend)s
 [qmail-rbl]
@@ -531,12 +546,14 @@ logpath = /service/qmail/log/main/current
 port = pop3,pop3s,imap,imaps,submission,465,sieve
 logpath = %(dovecot_log)s
+backend = %(dovecot_backend)s
 [sieve]
 port = smtp,465,submission
 logpath = %(dovecot_log)s
+backend = %(dovecot_backend)s
 [solid-pop3d]
@@ -572,6 +589,7 @@ logpath = /opt/kerio/mailserver/store/logs/security.log
 port = smtp,465,submission,imap3,imaps,pop3,pop3s
 logpath = %(syslog_mail)s
+backend = %(syslog_backend)s
 [postfix-sasl]
@@ -581,12 +599,14 @@ port = smtp,465,submission,imap3,imaps,pop3,pop3s
 # running postfix since it would provide the same log lines at the
 # "warn" level but overall at the smaller filesize.
 logpath = %(postfix_log)s
+backend = %(postfix_backend)s
 [perdition]
 port = imap3,imaps,pop3,pop3s
 logpath = %(syslog_mail)s
+backend = %(syslog_backend)s
 [squirrelmail]
@@ -599,12 +619,14 @@ logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
 port = imap3,imaps
 logpath = %(syslog_mail)s
+backend = %(syslog_backend)s
 [uwimap-auth]
 port = imap3,imaps
 logpath = %(syslog_mail)s
+backend = %(syslog_backend)s
 #
@@ -686,6 +708,7 @@ maxretry = 10
 port = 3306
 logpath = %(mysql_log)s
+backend = %(mysql_backend)s
 maxretry = 5
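Review bot: `+logpath = %(postfix_mail)s` in the [postfix-rbl] hunk references an option that nothing in this patch defines — paths-common.conf's [DEFAULT] gains `postfix_log` and `postfix_backend` but no `postfix_mail`, and the line it replaces used `%(syslog_mail)s`. Unless `postfix_mail` is declared in a paths file outside this diff, configparser interpolation of that value will fail at load time, and since the interpolation lives in jail.conf the error would likely take the whole jail configuration down rather than just this jail. The [postfix] hunk directly above reads the same daemon's log via `logpath = %(postfix_log)s`, so this looks like a typo for `logpath = %(postfix_log)s`. If the change to a different log source was intentional, it should also be called out in the ChangeLog entry, which only mentions the new *_backend options.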
@@ -712,12 +735,14 @@ maxretry = 5
 # pam-generic filter can be customized to monitor specific subset of 'tty's
 banaction = iptables-allports
 logpath = %(syslog_authpriv)s
+backend = %(syslog_backend)s
 [xinetd-fail]
 banaction = iptables-multiport-log
 logpath = %(syslog_daemon)s
+backend = %(syslog_backend)s
 maxretry = 2
@@ -748,6 +773,7 @@ action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp
 enabled = false
 logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility
+backend = %(syslog_backend)s
 maxretry = 1
diff --git a/config/paths-common.conf b/config/paths-common.conf
index bf3cfb6a..7a88e5ce 100644
--- a/config/paths-common.conf
+++ b/config/paths-common.conf
@@ -8,8 +8,10 @@ after = paths-overrides.local
 [DEFAULT]
 sshd_log = %(syslog_authpriv)s
+sshd_backend = auto
 dropbear_log = %(syslog_authpriv)s
+dropbear_backend = auto
 # There is no sensible generic defaults for syslog log targets, thus
 # leaving them empty here so that no errors while parsing/interpolating configs
@@ -18,6 +20,8 @@ syslog_ftp =
 syslog_local0 =
 syslog_mail_warn =
 syslog_user =
+# Set the default syslog backend target to auto
+syslog_backend = auto
 # from /etc/audit/auditd.conf
 auditd_log = /var/log/audit/audit.log
@@ -38,14 +42,17 @@ suhosin_log = %(syslog_user)s %(lighttpd_error_log)s
 # defaults to ftp or local2 if ftp doesn't exist
 proftpd_log = %(syslog_ftp)s
+proftpd_backend = auto
 # http://svnweb.freebsd.org/ports/head/ftp/proftpd/files/patch-src_proftpd.8.in?view=markup
 # defaults to ftp but can be overwritten.
 pureftpd_log = %(syslog_ftp)s
+pureftpd_backend = auto
 # ftp, daemon and then local7 are tried at configure time however it is overwriteable at configure time
 # wuftpd_log = %(syslog_ftp)s
+wuftpd_backend = auto
 # syslog_enable defaults to no. so it defaults to vsftpd_log_file setting of /var/log/vsftpd.log
 # No distro seems to set it to syslog by default
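Review bot: The new `*_backend = auto` keys added to [DEFAULT] in the paths-common.conf `@@ -8,8` hunk (and `proftpd_backend`, `pureftpd_backend`, `wuftpd_backend` in the `@@ -38,14` hunk) carry no comment, while every neighbouring `*_log` key explains where its value comes from and why. A reader of paths-common.conf alone cannot tell that these are consumed by jail.conf's new `backend = %(x_backend)s` lines and are meant to be overridden per distribution; one comment above the first of them would do, e.g. `# Per-service log backend used by jail.conf; distro paths-*.conf files override it (this patch sets systemd on Fedora)`. The comment that the `@@ -18,6` hunk does add, `# Set the default syslog backend target to auto`, only restates the key and would be more useful saying why `auto` is the portable default for syslog-fed jails. Because these are configparser [DEFAULT] values, a distro file that omits one of them silently inherits `auto`, which is worth stating so packagers know the override is optional.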
@@ -54,13 +61,16 @@ vsftpd_log = /var/log/vsftpd.log
 # Technically syslog_facility in main.cf can overwrite but no-one sane does this.
 postfix_log = %(syslog_mail_warn)s
+postfix_backend = auto
 dovecot_log = %(syslog_mail_warn)s
+dovecot_backend = auto
 # Seems to be set at compile time only to LOG_LOCAL0 (src/const.h) at Notice level
 solidpop3d_log = %(syslog_local0)s
 mysql_log = %(syslog_daemon)s
+mysql_backend = auto
 roundcube_errors_log = /var/log/roundcube/errors
diff --git a/config/paths-fedora.conf b/config/paths-fedora.conf
index c5601d3c..b3c978ca 100644
--- a/config/paths-fedora.conf
+++ b/config/paths-fedora.conf
@@ -37,3 +37,15 @@ exim_main_log = /var/log/exim/main.log
 mysql_log = /var/lib/mysql/mysqld.log
 roundcube_errors_log = /var/log/roundcubemail/errors
+
+# These services will log to the journal via syslog, so use the journal by
+# default.
+syslog_backend = systemd
+sshd_backend = systemd
+dropbear_backend = systemd
+proftpd_backend = systemd
+pureftpd_backend = systemd
+wuftpd_backend = systemd
+postfix_backend = systemd
+dovecot_backend = systemd
+mysql_backend = systemd
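Review bot: `+mysql_backend = systemd` in the paths-fedora.conf hunk contradicts the context two lines above it, where Fedora overrides `mysql_log` from the paths-common.conf default `%(syslog_daemon)s` to the plain file `/var/lib/mysql/mysqld.log`, so the new header comment "These services will log to the journal via syslog" does not appear to hold for mysql on this distro. If mysqld writes its error log to that file rather than to syslog, a jail using the systemd backend would watch the journal and never see the failed logins the `mysql_log` path was set up to catch — the jail stays enabled but detects nothing, which is the worst failure mode for a ban daemon. Unless journal delivery for mysql on Fedora has been confirmed, this line is safer left at the inherited `auto` (`mysql_backend = auto`, or simply omitted) and the comment narrowed to the services that do go through syslog. The same question applies to any other service whose Fedora `*_log` override outside this hunk points at a file rather than a syslog target.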