system() vs systemd-journal()
Hi.

I am using syslog-ng 3.19 in a Linux system.

My sources configuration is:

    source s_src { system(); internal(); };

I would like stack traces to end up in another facility than local0, which is what is happening with the configuration above. This happens because local0 is the default facility when the SYSLOG_FACILITY entry of journald is not defined.

So I changed my sources configuration to:

    source s_src { internal(); systemd-journal(default-facility(local1)); };

And now the stack traces are going to the local1 facility.

*Is there any difference between system() and systemd-journal() when using Linux? Am I going to lose any logs?*

Thanks in advance,
Alex

*BTW:*

    source s_src { system(default-facility(local1)); internal(); };

*Does not give any error, but it does not have the desired effect.*
You won't lose logs, the system source is just a wrapper around systemd-journal().

It might be possible to accept default-facility() at the system() source level.

On Wed, Feb 26, 2020, 15:43 Alexandre Santos <alexandre.rosas.santos@gmail.com> wrote:
> Hi.
>
> I am using syslog-ng 3.19 in a Linux system.
>
> My sources configuration is:
>
>     source s_src { system(); internal(); };
>
> I would like stack traces to end up in another facility than local0, which is what is happening with the configuration above. This happens because local0 is the default facility when the SYSLOG_FACILITY entry of journald is not defined.
>
> So I changed my sources configuration to:
>
>     source s_src { internal(); systemd-journal(default-facility(local1)); };
>
> And now the stack traces are going to the local1 facility.
>
> *Is there any difference between system() and systemd-journal() when using Linux? Am I going to lose any logs?*
>
> Thanks in advance,
> Alex
>
> *BTW:*
>
>     source s_src { system(default-facility(local1)); internal(); };
>
> *Does not give any error, but it does not have the desired effect.*
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi Guys,

As far as I could test, the current wrapper swallows and discards any parameters passed to the system() source. Or at least the options don't show up in the preprocessed config even though they are present in the original config file. It seems that the current form of the wrapper would need to be changed in order to accommodate passing options on to the sources it hides.

The concept of the system() source is to provide portability of configuration for syslog-ng. It serves to hide the internals of how the system logs are fetched by syslog-ng. You see, older systems without systemd required syslog-ng to listen on /dev/log, while newer systemd-enabled systems use systemd-journald to do that, and on those syslog-ng needs to query the logs from the systemd journal. And I haven't even mentioned Solaris, AIX, *BSD or other exotic OSes.

Best Regards,
János

--
Janos SZIGETVARI
RHCE, License no. 150-053-692 <https://www.redhat.com/rhtapps/verify/?certId=150-053-692>
LinkedIn: linkedin.com/in/janosszigetvari

__@__˚V˚
Make the switch to open (source) applications, protocols, formats now:
- windows -> Linux, iexplore -> Firefox, msoffice -> LibreOffice
- msn -> jabber protocol (Pidgin, Google Talk)
- mp3 -> ogg, wmv -> ogg, jpg -> png, doc/xls/ppt -> odt/ods/odp

On Wed, Feb 26, 2020 at 18:37, Balazs Scheidler <bazsi77@gmail.com> wrote:
> You won't lose logs, the system source is just a wrapper around systemd-journal().
>
> It might be possible to accept default-facility() at the system() source level.
>
> On Wed, Feb 26, 2020, 15:43 Alexandre Santos <alexandre.rosas.santos@gmail.com> wrote:
>
>> Hi.
>>
>> I am using syslog-ng 3.19 in a Linux system.
>>
>> My sources configuration is:
>>
>>     source s_src { system(); internal(); };
>>
>> I would like stack traces to end up in another facility than local0, which is what is happening with the configuration above. This happens because local0 is the default facility when the SYSLOG_FACILITY entry of journald is not defined.
>>
>> So I changed my sources configuration to:
>>
>>     source s_src { internal(); systemd-journal(default-facility(local1)); };
>>
>> And now the stack traces are going to the local1 facility.
>>
>> *Is there any difference between system() and systemd-journal() when using Linux? Am I going to lose any logs?*
>>
>> Thanks in advance,
>> Alex
>>
>> *BTW:*
>>
>>     source s_src { system(default-facility(local1)); internal(); };
>>
>> *Does not give any error, but it does not have the desired effect.*
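A lint check for the behaviour reported in this thread, where options passed to system() raise no error and are not applied. This is an added example, not code from syslog-ng or from the posters; the function name and sample configs are constructed for illustration, and it assumes the wrapper behaves as described above for 3.19.

```python
import re

# Constructed sample configs, modelled on the ones quoted in the thread.
SAMPLE_DROPPED = """
@version: 3.19
source s_src { system(default-facility(local1)); internal(); };  # no error, no effect
"""
SAMPLE_APPLIED = """
@version: 3.19
source s_src { internal(); systemd-journal(default-facility(local1)); };
"""

# Quoted strings and '#' comments, matched in one left-to-right pass so an
# apostrophe inside a comment cannot open a bogus string.
_NOISE = re.compile(r'"(?:\\.|[^"\\])*"|\'[^\']*\'|#[^\n]*')
# "system(" as its own word; does not match systemd-journal( or file-system(.
_SYSTEM_CALL = re.compile(r'(?<![\w-])system\s*\(')


def system_source_options(config_text):
    """Return (line, options) for each system(...) call given any options."""
    text = _NOISE.sub(lambda m: '' if m.group().startswith('#') else '""',
                      config_text)
    findings = []
    for call in _SYSTEM_CALL.finditer(text):
        depth, i = 1, call.end()
        while i < len(text) and depth:      # walk to the matching ')'
            depth += {'(': 1, ')': -1}.get(text[i], 0)
            i += 1
        options = text[call.end():i - 1].strip()
        if depth == 0 and options:
            line = text.count('\n', 0, call.start()) + 1
            findings.append((line, options))
    return findings


if __name__ == '__main__':
    for name, cfg in (('dropped', SAMPLE_DROPPED), ('applied', SAMPLE_APPLIED)):
        for line, options in system_source_options(cfg):
            print(f'{name}: line {line}: system() given "{options}"; '
                  'set it on the underlying source instead')
```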
participants (3)
- Alexandre Santos
- Balazs Scheidler
- SZIGETVÁRI János