[syslog-ng] system() vs systemd-journal()

[Alexandre Santos]

Hi.

I am using syslog-ng 3.19 in a Linux system.

My sources configuration is:
source s_src {
    system();
    internal();
};

I would like to stack traces to end up in another facility than local0,
which is what is happening with the configuration above. This happens
because local0 is default facility when SYSLOG_FACILITY entry of journald
is not defined.

So I changed my sources configuration to:
source s_src {
    internal();
    systemd-journal(default-facility(local1));
};

And now the stacktraces are going to local1 facility.

*Is there any difference between system() and systemd-journal() when using
Linux? I am going to lose any logs?*
Thanks in advance,
Alex

*BTW:*



*source s_src {    system(default-facility(local1));    internal();};*
*Does not gives any error, but it does not have the desired effect.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200226/2617311e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: syslog-ng_trace_with_conf1.log
Type: application/octet-stream
Size: 30145 bytes
Desc: not available
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200226/2617311e/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: syslog-ng_trace_with_conf2.log
Type: application/octet-stream
Size: 25818 bytes
Desc: not available
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200226/2617311e/attachment-0003.obj>