[systemd-devel] Filtering and remote logs
Lennart Poettering
lennart at poettering.net
Wed Feb 11 04:32:03 PST 2015
On Tue, 10.02.15 03:09, Mikhail Morfikov (mmorfikov at gmail.com) wrote:
> I'm playing with the journal to see what useful things it can do, and I
> have two questions:
>
> 1. Rsyslog has the ability of filtering logs, for instance:
>
> if $syslogtag contains "something" and ($msg contains "something-else" or $msg contains "something-different") then -/var/log/trash.log
>
> or something similar.
>
> The thing is that some apps produce certain logs, and I don't want them
> to be logged. Let's say I type journalctl -f in a terminal, and I want
> to be capable of seeing all the things except the logs I mentioned. I'm
> aware of the two options (StandardOutput and StandardError) in the
> [Service] block of a unit file, but even if I used StandardOutput=null
> I would lose all the logs that ultimately go to the standard output,
> and I don't want that too.
>
> So there's a question -- is there a way to do some filtering with
> journald ?
No there isn't. The concept of journald is to collect all logs and
filter on display.
> 2. I'm using rsyslog for two things, one of which I've already
> mentioned, and the second one is for remote logging using the TLS
> channel. Is journald able to send logs through network using TLS?
See systemd-journal-upload(8).
> 2.1. The bonus questions. Let's say journald is able to send logs via
> encrypted channel -- what about requests from rsyslog or syslog-ng? Can
> journald handle them too?
journald only speaks HTTP. The BSD syslog protocol is not supported.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list