[systemd-devel] Filtering and remote logs

[Mikhail Morfikov]

I'm playing with the journal to see what useful things it can do, and I
have two questions:

1. Rsyslog has the ability of filtering logs, for instance:

if $syslogtag contains "something" and ($msg contains "something-else" or $msg contains "something-different") then -/var/log/trash.log

or something similar.

The thing is that some apps produce certain logs, and I don't want them
to be logged. Let's say I type journalctl -f in a terminal, and I want
to be capable of seeing all the things except the logs I mentioned. I'm
aware of the two options (StandardOutput and StandardError) in the
[Service] block of a unit file, but even if I used StandardOutput=null
I would lose all the logs that ultimately go to the standard output,
and I don't want that too.

So there's a question -- is there a way to do some filtering with
journald ?

2. I'm using rsyslog for two things, one of which I've already
mentioned, and the second one is for remote logging using the TLS
channel. Is journald able to send logs through network using TLS?

2.1. The bonus questions. Let's say journald is able to send logs via
encrypted channel -- what about requests from rsyslog or syslog-ng? Can
journald handle them too?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150210/c537c949/attachment.sig>