1

Don't know what to add more to question, just want to send all logs. My applications write logs to journald, there is no files on disk.

UPD. Just to clarify, there are files where journald store logs, my application do not create any logs files.

Tatikonda vamsikrishna
  • 157
  • 2
Raf
  • 163
  • 7
  • Your question provides no information about the system that generates the logs. On-prem, Google Cloud Compute Engine, etc. In most cases, Google Cloud Logging (aka Stackdriver) is the solution. https://cloud.google.com/logging/docs/agent/logging/installation – John Hanley Sep 25 '21 at 21:09
  • @JohnHanley journald is quite well known and that alone is sufficient information about the system. I can't find anything in Cloud Logging's docs that suggests it supports reading from the journal. It seems to support only plain text files. I think it could be done with the new Ops Agent though, as it will ingest JSON (finally) on a TCP listener and journald will export JSON to such a listener. – Michael Hampton Sep 26 '21 at 19:28
  • @MichaelHampton - I meant the service/system he is running on - Compute Engine, Kubernetes, etc. and that is important to specify. Cloud Logging aka Stackdriver supports journald. – John Hanley Sep 26 '21 at 22:44
  • @JohnHanley Really? Is there documentation of this? – Michael Hampton Sep 26 '21 at 23:09
  • @MichaelHampton - I cannot even find the word **journald** mentioned with Stackdriver. I have been using Google Cloud Logging for years and I have never done anything except for proper installation and permissions to see the journald entries in Logs Viewer. Now you have me doubting myself. – John Hanley Sep 26 '21 at 23:50
  • @JohnHanley Probably from syslog, as the journal on most systems is configured to export everything to syslog. The OP doesn't appear to have this option if he has no disk to write to. Not to mention that what gets written to syslog is a small subset of the actual journal entry; a lot of info just gets thrown away. It's also quite odd that, with virtually every Linux system using it, that apparently neither Cloud Logging nor Ops Agent can ingest from the journal directly. I'm hopeful to set up a JSON-TCP connection between journald and Ops Agent but I don't have time to do it right now. – Michael Hampton Sep 27 '21 at 00:03
  • @MichaelHampton - I just verified that you are correct. Cloud Logging is not exporting all journals entries. I used **systemd-cat** to write to journald and verified that the entry appeared in journald. Then I went to Cloud Logging and wait 10 minutes. The entry did not appear. – John Hanley Sep 27 '21 at 00:08
  • Just a plain Linux VM Compute Engine (not a Kubernetes) – Raf Sep 27 '21 at 07:30
  • If you haven’t already tried , can you try the steps mentioned in [Centralizing with Syslog](https://www.loggly.com/ultimate-guide/centralizing-with-syslog/) and verify if you can view the journald logs on the Cloud Logging dashboard. – Gellaboina Ashish Sep 28 '21 at 05:56
  • I will try it and report, but it seems this will create 2 places where my logs will be stored on vm. In journald files and in /var/log/syslog I would like to avoid it. – Raf Sep 28 '21 at 16:14

1 Answers1

0

FWIW since Ops Agent version 2.4.0 there is a systemd_journald logging receiver. Docs.

Lyubomir
  • 1
  • 1