First off, going through systemd means that you are dependent on the times that
systemd reports, because there is a delay between when the app writes the log
and when systemd lets rsyslog see it.
the best thing is to have the app write a timestamp :-)
next, use imjournal to fetch the logs from journald and parse the metadata
provided (gets you the time that systemd reports)
next, rsyslog has a message property (i.e. variable) that says when rsyslog
received the message
then, when you forward the message, you want to NOT set the traditional forward
format, the default on current versions of rsyslog will send it out with a high
precision timestamp
does this answer your questions?
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
