Hi.

I am using syslog-ng 3.19 in a Linux system.

My sources configuration is:

source s_src {
    system();
    internal();
};

I would like to stack traces to end up in another facility than local0, which is what is happening with the configuration above. This happens because local0 is default facility when SYSLOG_FACILITY entry of journald is not defined.

So I changed my sources configuration to:

source s_src {
    internal();
    systemd-journal(default-facility(local1));
};

And now the stacktraces are going to local1 facility.

Is there any difference between system() and systemd-journal() when using Linux? I am going to lose any logs?

Thanks in advance,

Alex

BTW:

source s_src {
    system(default-facility(local1));
    internal();
};

Does not gives any error, but it does not have the desired effect.

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq