I'm running CentOS 7.4 with systemd 219 with a compiled rsyslog 8.30.0. My rsyslog configuration can be found here: https://gist.github.com/ naftulikay/605e6fcfc90dc1ca7c924baa11bf87db
Essentially, I have a TCP 127.0.0.1:514, UDP 127.0.0.1:514, Unix socket /run/systemd/journa/syslog, and the systemd journal module as inputs, with an omfwd output to Loggly, a hosted logging service which speaks syslog. My server boots without rsyslog installed, then installs rsyslog and my logging configuration on server boot. I have ensured that the journal state file is removed before rsyslog starts, but I'm seeing that most of the journal messages are not sent to Loggly from boot. I do see sudo logs like this: naftuli : TTY=pts/0 ; PWD=/home/naftuli ; USER=root ; COMMAND=/usr/bin/journalctl However, digging back through the journal, I do not see messages like this: Oct 25 17:45:26 greyskull-akv3idjf.dev.grindr.io cloud-init[13155]: Cloud-init v. 0.7.9 finished at Wed, 25 Oct 2017 17:45:26 +0000. Datasource DataSourceEc2. Up 172.07 seconds These log events are very important to me as if a server fails to boot, it's likely a cloud-init issue. Have I misconfigured the imjournal module, or is there more configuration I need to specify to have rsyslog send the entire journal from the beginning of time when the state file isn't found? Thanks, - Naftuli Kay _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
