[systemd-devel] journald syslog forwarding
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Thu Dec 11 08:23:07 PST 2014
On Thu, Dec 11, 2014 at 05:18:58PM +0100, Lennart Poettering wrote:
> On Thu, 11.12.14 17:16, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:
>
> > > I agree with your findings, and basically thats how the zmq journal gateway works as
> > > well. And thanks to bring the "wait for network" up here, you would miss important
> > > boot log entries here.
> > >
> > > Would the upload tool learn a new URL for this purpose i.e. syslog://<ip>:514 ?
> >
> > Or a broadcast address, so no configuration is required.
>
> I'd really like to see broadcast delivery I must say.
>
> > > >> > Initial plan was to implement the most straighforward syslog forwarding,
> > > >> > so only the MESSAGE field would be sent.
> > > >>
> > > >> it would be great to have at least the following format to send to syslog:
> > > >>
> > > >> "<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name%
> > > >> %procid% %msg%\n"
> > > >>
> > > >> described as rsyslog configuration. All the meta infos are there IMHO.
> > > > Yes. We just wouldn't go into "structured" syslog messages to carry other
> > > > fields.
> > >
> > > I agreed as well mapping then into the "struct syslog format" wold be a config
> > > pain I assume. However the one we listed above should be there
> > > ?!?!...
> >
> > That's rfc5424, right? Then yes.
>
> Is that RFC actually widely adopted? I'd stay as conservative as
> possible with all of this.
Ooops, sorry, wrong RFC. I think 3164 is the right one.
Zbyszek
More information about the systemd-devel
mailing list