[syslog-ng] system() vs systemd-journal()

SZIGETVÁRI János jszigetvari at gmail.com
Thu Feb 27 09:43:41 UTC 2020


Hi Guys,

As far as I could test, the current wrapper swallows and discards any
parameters passed to the system() source.
Or at least the options don't show up in the preprocessed config even
though they are present in the original config file.
It seems that the current form of the wrapper would need to be changed in
order to accommodate passing options on to the sources it hides.

The concept of the system() source is to provide portability of
configuration for syslog-ng.
It serves to hide the internals of how the system logs are fetched by
syslog-ng. You see, older systems without systemd required syslog-ng to
listen on /dev/log, while newer systemd-enabled systems use
systemd-journald to do that, and on those syslog-ng needs to query the logs
from the systemd journal. And I haven't even mentioned Solaris, AIX, *BSD or
other exotic OSes.

Best Regards,
János
--
Janos SZIGETVARI
RHCE, License no. 150-053-692
<https://www.redhat.com/rhtapps/verify/?certId=150-053-692>

LinkedIn: linkedin.com/in/janosszigetvari

__ at __˚V˚
Make the switch to open (source) applications, protocols, formats now:
- windows -> Linux, iexplore -> Firefox, msoffice -> LibreOffice
- msn -> jabber protocol (Pidgin, Google Talk)
- mp3 -> ogg, wmv -> ogg, jpg -> png, doc/xls/ppt -> odt/ods/odp


Balazs Scheidler <bazsi77 at gmail.com> wrote (on Wed, Feb 26, 2020,
18:37):

> You won't lose logs, the system source is just a wrapper around
> systemd-journal()
>
> It might be possible to accept default-facility() at the system() source
> level.
>
> On Wed, Feb 26, 2020, 15:43 Alexandre Santos <
> alexandre.rosas.santos at gmail.com> wrote:
>
>> Hi.
>>
>> I am using syslog-ng 3.19 in a Linux system.
>>
>> My sources configuration is:
>> source s_src {
>>     system();
>>     internal();
>> };
>>
>> I would like stack traces to end up in another facility than local0,
>> which is what is happening with the configuration above. This happens
>> because local0 is the default facility when the SYSLOG_FACILITY entry of
>> journald is not defined.
>>
>> So I changed my sources configuration to:
>> source s_src {
>>     internal();
>>     systemd-journal(default-facility(local1));
>> };
>>
>> And now the stack traces are going to the local1 facility.
>>
>> *Is there any difference between system() and systemd-journal() when
>> using Linux? Am I going to lose any logs?*
>> Thanks in advance,
>> Alex
>>
>> *BTW:*
>>
>> source s_src {
>>     system(default-facility(local1));
>>     internal();
>> };
>>
>> This does not give any error, but it does not have the desired effect.
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>