[systemd-devel] Direct systemd-journald event-logs tranmssion to Zabbix\Cacti

Mikhail Kasimov mikhail.kasimov at gmail.com
Mon Oct 26 14:43:29 PDT 2015


26.10.2015 17:35, Lennart Poettering пишет:
> On Mon, 26.10.15 15:54, Mikhail Kasimov (mikhail.kasimov at gmail.com) wrote:
> 
>> Hello Lennart! The main question is not about why rsyslog is
>> better/worst compared to systemd-journald. The main question is how to
>> transmit journald event-log to centralized log-server (Zabbix\Cacti\so
>> on) directly, without any additional assistant layers (rsyslog in this
>> case). 
> 
> This is not supported, and I doubt we will ever support that.

Why not? Can you declare in /etc/services that, for example, UDP 19531
is systemd-journald port (it's not native rsyslog supporting - it's only
the same way of it to have a logically finished log-system, which has
internal and external mechanisms of event-log transmission), and TCP
19531 and TCP 19532 are 'systemd-internal-log-transmission'?

But ok, no problem, I'll also ask about getting logs of systemd-journald
on Zabbix and Cacti forums. Possibly you're right in your original
conception, but my intuition whispers, that not at all...

> If you want syslog, use syslog, but systemd will not natively output syslog.
> 
>> JSON, HTTP(S) etc. -- that's great, but HTTP(S) is actually used
>> for web-surfing. And it often procced with port-redirections (on Squid
>> for example), shaping the speed depending on web-content and so on.
> 
> Well, HTTP is kinda the basic building block of most modern protocols,
> because it can easily go through proxies. It's certainly not a thing
> exclusively for web surfing... You can print via HTTP, you can
> checkout your git tree, there's SOAP and REST APIs, and whatnot. It's
> simply how you design internert protocols these days that fit into the
> concept of HTTP requests/responses. And logging certainly does.
> 
>> "It'd would be easy for external services to simply speak HTTP and get
>> the data out of there." (с) - yes, but there're many factors (traffic
>> shaping, other firewall ruling etc.) that potentially can affect on
>> systemd-journald logs transmission. So, the systemd-journald's dedicated
>> documented transports (open and secure) will be good idea.
> 
> The http-based protocol journald-gatewayd and related tools speak is
> pretty well documented.
> 
> Again, we won't support BSD syslog natively. If you want syslog,
> install a syslog implementation, there are many to choose from. Or use
> the HTTP stuff we do, but don't expect us to natively to syslog in systemd.

As you can notice, I, conversely, want to use systemd-journald event-log
transmission to external log-collectors systems WITHOUT rsyslog.




More information about the systemd-devel mailing list