[syslog-ng] Filtering all systemd user service logs
Thomas Preisner
syslog-ng at tpreisner.de
Fri Apr 29 09:31:22 UTC 2022
Hello all,
I've been using syslog-ng for quite a while now to centrally collect
logs of a few computers running debian and it worked great. However, a
few weeks ago I enabled systemd user services on those machines and
since then, my 'daemon' logs have been basically completely flooded with
(in my opinion) useless log messages created by the aforementioned user
services.
So far, I've been using the following source configuration:
source src
{
    internal();
    system();
    udp();
    udp6();
};
Until now, I've been filtering out the user service logs with my
log-analysis tool using some regexes but due to the logs being
'user-controlled' (users can create arbitrary logs by simply creating
and starting custom systemd user services) this is obviously no
permanent solution. Even worse, the user-created logs end up in the
'daemon'-facility and not in the 'user'-facility as mentioned before.
Therefore, here is my question: Is there any clean way to detect/filter out
these user service logs? I couldn't find anything relevant in the
documentation so far. After all, these logs are collected separately by
systemd-journald and then merged with the remaining system logs by
syslog-ng (at least as far as I see it).
Thank you for your response in advance!
Best regards,
Thomas Preisner
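
Added example, not part of the original post: one way to separate these messages in syslog-ng by journal metadata rather than by message content. It assumes system() reads the journal through systemd-journal() with the default ".journald." name-value prefix; the filter and destination names and the file paths are hypothetical.

```conf
# Runs on the host whose journal is being read. Messages that arrive over
# udp()/udp6() in plain syslog format carry no journal fields, so this
# filter cannot classify them on a central collector.
source src {
    internal();
    system();
};

# _SYSTEMD_USER_UNIT is a trusted journal field (leading underscore):
# journald attaches it itself and client code cannot alter it. It is only
# set for processes running under a systemd user manager, so the test does
# not depend on anything the user writes into the message text.
filter f_user_unit {
    "${.journald._SYSTEMD_USER_UNIT}" ne "";
};

filter f_daemon {
    facility(daemon);
};

# Hypothetical destinations; adjust names and paths to the local setup.
destination d_user_units { file("/var/log/user-units.log"); };
destination d_daemon     { file("/var/log/daemon.log"); };

# Match user-unit messages first. flags(final) stops processing here, so
# they never reach the daemon log path below, whatever facility they claim.
log {
    source(src);
    filter(f_user_unit);
    destination(d_user_units);
    flags(final);
};

log {
    source(src);
    filter(f_daemon);
    destination(d_daemon);
};
```

To drop the messages instead of storing them, remove the destination() line from the first log path and keep flags(final).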