0

One common paradigm in all other syslog implementations (rsyslog, syslog-ng, readlog, etc.) is to exchange log entries via UDP 514 in plain text format.

How do I enable systemd-journal-remote to receive logs in such format?

(I know there are plugins to more complex log providers to emulate the new HTTPS format used by default by systemd-journal-remote, but I'm dealing with dumb appliances that can only send the old, original, plain text format)

gcb

2 Answers

0

Ended up using rsyslog with the omjournal output log. This way the logs go to journald and are "unified" in the syslog ecosystem. It has the advantage of working across containers too.

# /etc/rsyslog.conf
...
module(load="omjournal")
template(name="journal" type="list") {
  constant(value="remote" outname="MESSAGE")
  property(name="$!event-type" outname="EVENT_TYPE")
}
action(type="omjournal" template="journal")
...
gcb
0

I found a way to redirect remote log messages to systemd journal using an example configuration from https://bugzilla.redhat.com/show_bug.cgi?id=1428247 :

module(load="omjournal") 
ruleset(name="remote") {
    action(type="omjournal")
}
input(type="imtcp" port="514" ruleset="remote")

It works on Ubuntu Server 18.04 with rsyslog, in my case using the TCP module.

Jaime
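A UDP variant of the two answers above, for the plain-text UDP 514 senders the question describes. This is an added example, not taken from either answer. The listen address `192.0.2.10`, the template name, and the journal field names `REMOTE_HOST` and `REMOTE_IP` are assumptions chosen here.

```conf
# /etc/rsyslog.d/remote-to-journal.conf  (example file name, an assumption)

module(load="imudp")      # plain-text syslog over UDP
module(load="omjournal")  # write records into the systemd journal

# Map syslog properties to journal fields. Plain UDP syslog is
# unauthenticated: the hostname inside the message is whatever the sender
# wrote, so the packet source address rsyslog saw is stored next to it.
template(name="remote-journal" type="list") {
  property(name="msg"            outname="MESSAGE")
  property(name="syslogseverity" outname="PRIORITY")
  property(name="programname"    outname="SYSLOG_IDENTIFIER")
  property(name="hostname"       outname="REMOTE_HOST")  # sender-supplied
  property(name="fromhost-ip"    outname="REMOTE_IP")    # observed source
}

# Only messages arriving on the input below pass through this ruleset,
# so local logging is not duplicated into the journal.
ruleset(name="remote") {
  action(type="omjournal" template="remote-journal")
}

# Bind to the interface facing the appliances rather than all addresses.
# 192.0.2.10 is a placeholder; replace it with the collector's own address.
input(type="imudp" address="192.0.2.10" port="514" ruleset="remote")
```

After restarting rsyslog, a test datagram sent with `logger -d -n 192.0.2.10 -P 514 test` should appear under `journalctl REMOTE_IP=<sender address>`. Limiting which hosts can reach UDP 514 is left to the host firewall, since the datagrams carry no authentication.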