[syslog-ng] setting sequenceId in forwarded log messages read from journald reader

Peter Vollmer peter.vollmer at gmail.com
Mon Jul 27 07:23:19 UTC 2020


Hi,
I am currently trying to find a way to set meta.sequenceId of log messages
that have been read from the locally running systemd-journal to forward
them to a remote syslog server that expects the logs to contain a
sequenceId according to RFC 5424 section 7.3.1.

I found that a sequence number could be taken from the __CURSOR field
"i=..." of the journald log:

# journalctl -o json-pretty -f
...
 "__CURSOR" : "s=02a7b30ba17b4a43846f265706bd3a70;i=f01;b=ba633698f20848e480bca4e72476e4d3;m=1a355c1d5;t=5ab670340c8ea;x=33389988ef680e7e",
...
My problem is that the journal reader does not seem to parse the __CURSOR
string when reading from journald logs. Is there a way to get this
information into meta.sequenceId of the forwarded log without modifying the
systemd-journal module in syslog-ng?

Thank you for any ideas and best regards

Peter Vollmer
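
Added example, not part of the original post and not syslog-ng code: a sketch of the mapping the post describes, pulling the i= field out of a __CURSOR string and rendering it as an RFC 5424 meta sequenceId element. It assumes i= is the journal sequence number in hexadecimal; the function names are hypothetical, and the wrap into the 1..2147483647 range of section 7.3.1 goes beyond the single value shown in the post.

```python
import re

# RFC 5424 section 7.3.1: sequenceId runs from 1 to 2147483647, then restarts at 1.
SEQUENCE_ID_MAX = 2147483647

# Constructed sample: the cursor string quoted in the post.
SAMPLE_CURSOR = ("s=02a7b30ba17b4a43846f265706bd3a70;i=f01;"
                 "b=ba633698f20848e480bca4e72476e4d3;m=1a355c1d5;"
                 "t=5ab670340c8ea;x=33389988ef680e7e")

_HEX = re.compile(r"[0-9a-fA-F]+")


def parse_cursor(cursor):
    """Split a journald cursor into its key=value fields (hypothetical helper)."""
    fields = {}
    for part in cursor.strip().split(";"):
        key, sep, value = part.partition("=")
        if not sep or not key or not value:
            raise ValueError(f"malformed cursor component: {part!r}")
        if key in fields:
            raise ValueError(f"duplicate cursor key: {key!r}")
        fields[key] = value
    return fields


def cursor_to_sequence_id(cursor):
    """Map the cursor's i= field (assumed hexadecimal) into 1..SEQUENCE_ID_MAX."""
    value = parse_cursor(cursor).get("i")
    if value is None or not _HEX.fullmatch(value):
        raise ValueError("cursor has no hexadecimal i= field")
    seqnum = int(value, 16)
    if seqnum < 1:
        raise ValueError("sequence number must be at least 1")
    # Wrap so that SEQUENCE_ID_MAX + 1 becomes 1 again, as the RFC requires.
    return (seqnum - 1) % SEQUENCE_ID_MAX + 1


def meta_sd_element(cursor):
    """Render the RFC 5424 structured-data element carrying sequenceId."""
    return f'[meta sequenceId="{cursor_to_sequence_id(cursor)}"]'


if __name__ == "__main__":
    print(meta_sd_element(SAMPLE_CURSOR))
```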