Hello- What is the current "best practice" for a portable application to get structured data to rsyslog?
Most modern syslog daemons seem to support some type of JSON format, but applications still tend to use the old syslog(3) function for logging. If an application emits CEE JSON directly to syslog(3), and no special configuration is made to enable JSON parsing, the "typical" output file (/var/log/messages or distribution-specific equivalent) gets JSON printed to the log. That may be undesirable in the common case. Ideally, there would be a syslog()-like library call that an application could make to provide a "normal" syslog message as well as structured data. /var/log/messages would just get the "normal" syslog message, but System Administrators who care about structured logging could log the structured data to an alternate file, forward it to a central syslog daemon, or log it to a document store (mongodb, ElasticSearch, etc). That library would (again, ideally) be pervasive (available *by default* on most systems, like syslog.h today) or dead-simple to ship with an application (meaning a license that allows redistribution and a minimal number of files to pull into the application repository). I've read up on CEE and LumberJack, but both projects seem to be dead/crufty at this point. There's libumberlog and liblogging, but it's not clear that either of them fit the use case of being able to detect if the host "wants" structured logging and responding appropriately. I've also seen systemd's journal sd_journal_send(), which seems like a nice interface, but systemd is strictly linux-only. On linux, it looks like regular syslog would just get the message part (to log into /var/log/messages), but journalctl and rsyslog's imjournal could get at the structured data. That's really what I want, but without the annoyance of systemd being new and linux-only. I'd prefer not to pepper an application with #ifdef's to figure out if it should use the journald functions or something else. I'd like to see structured logging become the norm - is it possible to make it easy for application developers to add structured logging capabilities without introducing JSON to /var/log/messages for "simple" use cases? Thanks for any advice you can provide, ~Matt --- Matt Ezell HPC Systems Administrator Oak Ridge National Laboratory _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

