[systemd-devel] Direct systemd-journald event-logs transmission to Zabbix\Cacti
Mikhail Kasimov
mikhail.kasimov at gmail.com
Mon Oct 26 02:08:37 PDT 2015
Anybody online?
24.10.2015 19:01, Mikhail Kasimov wrote:
> Hello!
>
> There is one more question I try to get a clearness for myself -- direct
> systemd-journald event-logs transmission to Zabbix\Cacti\other log-collector.
>
> As I understand nowadays we have such event-logs transmission schemas:
>
>
> Windows OS system:
>
> | Win System | -->|EventLog-To-Syslog Service| --> {UDP 514} -->
>
> --> |Log-collector|.
>
>
> Unix-like system:
>
> 1) Non-systemd:
> +---------+    +----------------+                  +-------------+
> | System  | -->|(r-)syslog(-ng) | --> {UDP 514} -->|Log-collector|
> +---------+    +----------------+                  +-------------+
>
> 2) Systemd-based Linux:
> +---------+    +----------------+                  +-------------+
> | System  | -->|(r-)syslog(-ng) | --> {UDP 514} -->|Log-collector|
> +---------+    +----------------+                  +-------------+
>     |                  A
>     |                  |
>     |                  | {/etc/systemd/journald.conf:
>     |                  |  Store=volatile,ForwardToSyslog=yes}
>     |                  |
>     |          +-----------------+               +-------------+
>     ---------> |systemd-journald | --> {???} --> |Log-collector|
>                +-----------------+               +-------------+
>
> If we want to send systemd-journald logs to remote log-collector system,
> we have to set up forwarding to (r-)syslog(-ng) service.
>
> Systemd's native tools -- systemd-journal-gatewayd\-upload\-remote --
> are designed to transmit logs between only homogeneous (systemd-based)
> systems.
>
> So systemd-based Linux systems cannot transmit their event-logs to
> log-collectors _directly_ (key word in this topic!) via systemd-journald
> -- there's a need to install one more eventlog-system ((r-)syslog(-ng)) to
> transmit logs to log-collector. That's redundancy again, as for me --
> just like the same to which I mentioned in "SSH -H key topic".
>
> I tried to find out the plugins for Cacti to have a dedicated
> systemd-journald tab compared to syslog (like here, for example:
> http://s16.postimg.org/e76umnxb9/pic2.jpg), but have no success on it.
>
> The problem is, I suppose, that systemd has no documented specification
> (RFC) on its own outgoing logs-transmission transport (in open and
> secure ways), instead of syslog:
>
> 'grep 514 < /etc/services':
> =============================
> syslog 514/udp
> ...
> syslog-tls 6514/tcp # Syslog over TLS [RFC5425]
> syslog-tls 6514/udp # syslog over DTLS [RFC6012]
> syslog-tls 6514/dccp # syslog over DTLS [RFC6012]
> =============================
>
> 'grep systemd < /etc/services' and 'grep journal < /etc/services' didn't
> give any result.
>
>
> Resume:
> ========
>
> 1. Because systemd-journald has NO documented specification on
> logs-transmission transport, admins have to install other log-system in
> parallel to systemd-journald and set up systemd-journald in right way to
> have possibility to send event-logs to log-collector system (Redundancy,
> because two event-log services are in use).
>
> 2. To avoid the redundancy mentioned above, admins can stop and disable
> systemd-journald.socket and systemd-journald.service and use only
> (r-)syslog(-ng) service (one service in use).
>
> 3. If systemd-journald has a documented specification (RFC) on
> logs-transmission transport, admins will have pretty good choice
> (technically and/or ideologically) to use systemd-journald and\or
> (r-)syslog(-ng) at the same time or separately to send event-logs to
> Zabbix\Cacti\other log-collector.
> ========
>
> Which thing do I understand right and which wrong?
>
> Thanks and sorry for a long text - I'll really be glad to understand the
> current (and possibly, future) situation with systemd-journald event-log
> transmission to Zabbix\Cacti\other log-collector _directly_.
>
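
An added example, not part of the original post and not systemd code: a small relay that turns `journalctl -o json` entries into RFC 5424 syslog datagrams for a collector on UDP 514, the transport shown in the diagrams above. The function names and the collector address are assumptions, and the sample entries are constructed.

```python
import json
import socket
from datetime import datetime, timezone

NIL = "-"  # RFC 5424 NILVALUE for absent header fields


def _text(value):
    """journalctl -o json emits non-UTF-8 values as a list of byte values, oversized ones as null."""
    if isinstance(value, list):
        return bytes(value).decode("utf-8", "replace")
    return NIL if value is None else str(value)


def _header(value, limit):
    """Header fields must be printable ASCII without spaces, up to a length limit."""
    cleaned = "".join(c for c in _text(value) if 33 <= ord(c) <= 126)
    return cleaned[:limit] or NIL


def journal_to_rfc5424(line):
    """Convert one `journalctl -o json` line into an RFC 5424 syslog message."""
    e = json.loads(line)
    facility = int(e.get("SYSLOG_FACILITY", 1))  # default: user (1)
    severity = int(e.get("PRIORITY", 6))         # default: info (6)
    usec = int(e["__REALTIME_TIMESTAMP"])        # microseconds since the epoch
    ts = datetime.fromtimestamp(usec // 1_000_000, timezone.utc).replace(microsecond=usec % 1_000_000)
    stamp = ts.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    host = _header(e.get("_HOSTNAME"), 255)
    app = _header(e.get("SYSLOG_IDENTIFIER", e.get("_COMM")), 48)
    pid = _header(e.get("SYSLOG_PID", e.get("_PID")), 128)
    msg = _text(e.get("MESSAGE")).replace("\n", " ")  # one entry per datagram line
    return f"<{facility * 8 + severity}>1 {stamp} {host} {app} {pid} {NIL} {NIL} {msg}"


def send_udp(messages, collector=("127.0.0.1", 514)):
    """Send each message as one datagram; the collector address is a placeholder."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for m in messages:
            s.sendto(m.encode("utf-8"), collector)


# Constructed sample entries in `journalctl -o json` shape, not captured output.
SAMPLE = [
    '{"__REALTIME_TIMESTAMP":"1445850517000000","_HOSTNAME":"host1","PRIORITY":"4",'
    '"SYSLOG_FACILITY":"10","SYSLOG_IDENTIFIER":"sshd","_PID":"812","MESSAGE":"Failed password for root"}',
    '{"__REALTIME_TIMESTAMP":"1445850518250000","_HOSTNAME":"host1","_COMM":"my app",'
    '"MESSAGE":[100,105,115,107,32,255]}',
]
```

On a live host the input lines would come from `journalctl -f -o json`, one JSON object per line.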