[syslog-ng] journald prefix
Fabien Wernli
wernli at in2p3.fr
Wed Jul 29 12:38:43 UTC 2020
Hi,
I'm in the process of simplifying my structured logging config.
Most of my systems now have journald shipping local logs to syslog-ng via
the `system()` auto-expanding source.
While this is convenient, as it makes it possible to use the same config for
all my systems (systemd and rest of world), it also makes it impossible to
configure the underlying driver's defaults.
The task at hand is shipping the journald additional fields, which would be
easy to do using the following excerpt from the documentation:
source s_journald {
systemd-journal(prefix(".SDATA.journald."));
};
This is not possible of course using `system()`.
I've got a couple of ideas on how to handle this, but I'd like to hear
other (probably less insane than my own) ways first :-)
Cheers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2801 bytes
Desc: not available
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200729/5e84df50/attachment.bin>
More information about the syslog-ng
mailing list