[syslog-ng] system() vs systemd-journal()
Balazs Scheidler
bazsi77 at gmail.com
Wed Feb 26 17:36:59 UTC 2020
You won't lose logs, the system source is just a wrapper around
systemd-journal()
It might be possible to accept default-facility () at the system() source
level.
On Wed, Feb 26, 2020, 15:43 Alexandre Santos <
alexandre.rosas.santos at gmail.com> wrote:
> Hi.
>
> I am using syslog-ng 3.19 in a Linux system.
>
> My sources configuration is:
> source s_src {
> system();
> internal();
> };
>
> I would like to stack traces to end up in another facility than local0,
> which is what is happening with the configuration above. This happens
> because local0 is default facility when SYSLOG_FACILITY entry of journald
> is not defined.
>
> So I changed my sources configuration to:
> source s_src {
> internal();
> systemd-journal(default-facility(local1));
> };
>
> And now the stacktraces are going to local1 facility.
>
> *Is there any difference between system() and systemd-journal() when using
> Linux? I am going to lose any logs?*
> Thanks in advance,
> Alex
>
> *BTW:*
>
>
>
> *source s_src { system(default-facility(local1)); internal();};*
> *Does not gives any error, but it does not have the desired effect.*
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200226/6a054f5b/attachment.html>
More information about the syslog-ng
mailing list