On Tue, 3 Feb 2015, David Lang wrote:
On Tue, 3 Feb 2015, Brendan Kearney wrote:
@rainer - it seems slide 18 "Integrating journal data into syslog" is
where i am looking to go. with that, it seems i need to install the
rsyslog-mmjsonparse package.
if i am reading the slide correctly, all messages are sent through
mmjsonparse, and then written out to /var/log/ceelog using the
CEETemplate format.
I think you are mixing up an example with what's needed to get the data.
ok, having pulled up the slides
the module load for imjournal line polls the journal, asking for all logs since
the last time it asked for logs. This is rather inefficient, but if you need the
extra journald metadata, you need to do this since the journal won't send it
otherwise.
The alternative to this is to have journald send the logs to rsyslog (for this,
look up the journald documentation where they say that they don't break syslog
because they support delivering logs to syslog)
If you pull the data with imjournal, you then need mmjsonparse to pull the data
apart into different fields (assuming you want to manipulate or test those
fields)
the CEETemplate thing is just one optional way to output the data
David Lang
if i want to send the messages via RELP to a different box, would i
replace the second line with something like:
*.* :omrelp:192.168.1.1:20514;RSYSLOG_ForwardFormat
pretty much
@david - yes, i am looking for logs generated from the machine that all
other devices are sending their logs to. my question is exactly as you
state, how to get those logs to rsyslog.
given the effort to get journal data into syslog, i am not sure what i
need to be doing.
Ok, there are two methods of getting data from the journal on the local
machine into rsyslog
1. configure the journal to deliver logs to rsyslog
2. configure rsyslog to poll the journal and read data out of it with
imjournal
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
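The two methods listed above, together with the RELP forward to 192.168.1.1:20514 from the thread, written in rsyslog's action() syntax. This is an added example, not configuration posted by anyone in the thread; the working directory, state file name, queue name and rate-limit values are assumptions.

```conf
# Added example. Pick ONE input method; enabling both delivers every
# local message twice.

# Assumed path; the imjournal state file and the disk queue live here.
global(workDirectory="/var/lib/rsyslog")

# --- Method 1: journald delivers logs to rsyslog -------------------------
# In /etc/systemd/journald.conf:
#   [Journal]
#   ForwardToSyslog=yes
# rsyslog then listens on the socket journald forwards to:
# module(load="imuxsock" SysSock.Name="/run/systemd/journal/syslog")

# --- Method 2: rsyslog polls the journal with imjournal ------------------
# Needed when the extra journald metadata is wanted.
module(load="imjournal"
       StateFile="imjournal.state"      # assumed name, relative to workDirectory
       Ratelimit.Interval="600"         # assumed values; bound the burst that
       Ratelimit.Burst="20000")         # arrives when a large journal is first read

# The thread pairs imjournal with mmjsonparse so that individual fields
# can be tested or manipulated.
module(load="mmjsonparse")
action(type="mmjsonparse")

# --- Forward everything to the central box over RELP ---------------------
# Same destination and template as the legacy line quoted in the thread.
module(load="omrelp")
action(type="omrelp"
       target="192.168.1.1"
       port="20514"
       template="RSYSLOG_ForwardFormat"
       queue.type="LinkedList"          # buffer while the receiver is down
       queue.filename="relp_fwd"        # assumed name; makes the queue disk-assisted
       queue.saveOnShutdown="on"
       action.resumeRetryCount="-1")    # keep retrying instead of dropping
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.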