https://community.splunk.com/t5/Getting-Data-In/Feroda-logs/m-p/153085#M31157 <P>Hi templier,</P> <P>your biggest trouble here is the binary format of the <CODE>journalctl</CODE> logs. Quick and dirty solutions would be:</P> <UL> <LI>run a wrapper for <CODE>journalctl -f</CODE> into a log file and monitor that in Splunk</LI> <LI>or read this <A href="https://medium.com/coreos-linux-for-massive-server-deployments/coreos-logging-to-remote-destinations-defb984185c5">https://medium.com/coreos-linux-for-massive-server-deployments/coreos-logging-to-remote-destinations-defb984185c5</A> where they use <CODE>ncat</CODE> to send journalctl output directly into Splunk</LI> </UL> <P>Hope this helps ...</P> <P>cheers, MuS</P> Tue, 17 Feb 2015 12:48:22 GMT MuS 2015-02-17T12:48:22Z https://community.splunk.com/t5/Getting-Data-In/Feroda-logs/m-p/153084#M31156 <P>Hello. </P> <P>Does anyone have experience with what is reflected in the subject question (Journalctl logs)? <BR /> I must copy the security log with Fedora Journalctl.</P> <P>But which side to approach him, I do not know yet</P> Tue, 17 Feb 2015 12:23:19 GMT https://community.splunk.com/t5/Getting-Data-In/Feroda-logs/m-p/153084#M31156 templier 2015-02-17T12:23:19Z https://community.splunk.com/t5/Getting-Data-In/Feroda-logs/m-p/153085#M31157 <P>Hi templier,</P> <P>your biggest trouble here is the binary format of the <CODE>journalctl</CODE> logs. Quick and dirty solutions would be:</P> <UL> <LI>run a wrapper for <CODE>journalctl -f</CODE> into a log file and monitor that in Splunk</LI> <LI>or read this <A href="https://medium.com/coreos-linux-for-massive-server-deployments/coreos-logging-to-remote-destinations-defb984185c5">https://medium.com/coreos-linux-for-massive-server-deployments/coreos-logging-to-remote-destinations-defb984185c5</A> where they use <CODE>ncat</CODE> to send journalctl output directly into Splunk</LI> </UL> <P>Hope this helps ...</P> <P>cheers, MuS</P> Tue, 17 Feb 2015 12:48:22 GMT https://community.splunk.com/t5/Getting-Data-In/Feroda-logs/m-p/153085#M31157 MuS 2015-02-17T12:48:22Z https://community.splunk.com/t5/Getting-Data-In/Feroda-logs/m-p/153086#M31158 <P>Hi. </P> <P>Yes, both options are not perfect, but it seems if there is no other choice on them have to stop.<BR /> Now looking information whether it is possible simultaneously to configure logging to files (similar secure.log)</P> <P>Thank you.</P> Tue, 17 Feb 2015 12:52:39 GMT https://community.splunk.com/t5/Getting-Data-In/Feroda-logs/m-p/153086#M31158 templier 2015-02-17T12:52:39Z https://community.splunk.com/t5/Getting-Data-In/Feroda-logs/m-p/153087#M31159 <P>systemd will send events to syslog. Which should write out to /var/log/..<BR /> enable in <BR /> <CODE>/etc/systemd/journald.conf</CODE><BR /> set<BR /> <CODE>ForwardToSyslog=yes</CODE><BR /> rsyslog appears to have a listener configured (on centos at least) in<BR /> <CODE>/etc/rsyslog.d/listen.conf</CODE><BR /> <CODE>$SystemLogSocketName /run/systemd/journal/syslog</CODE><BR /> I guess you will need to restart the service<BR /> <CODE>systemctl restart systemd-journald</CODE></P> <P>see also<BR /> <A href="https://www.loggly.com/docs/systemd-logs/">https://www.loggly.com/docs/systemd-logs/</A><BR /> <A href="https://forums.opensuse.org/showthread.php/488025-Syslog-and-journalctl">https://forums.opensuse.org/showthread.php/488025-Syslog-and-journalctl</A><BR /> <A href="https://www.freedesktop.org/software/systemd/man/journald.conf.html">https://www.freedesktop.org/software/systemd/man/journald.conf.html</A></P> Fri, 29 Jul 2016 13:26:49 GMT https://community.splunk.com/t5/Getting-Data-In/Feroda-logs/m-p/153087#M31159 quixand 2016-07-29T13:26:49Z