Re: Feroda logs

templier · ‎02-17-2015

Hello.

Does anyone have experience with what is reflected in the subject question (Journalctl logs)?
I must copy the security log with Fedora Journalctl.

But which side to approach him, I do not know yet

quixand · ‎07-29-2016

systemd will send events to syslog. Which should write out to /var/log/..
enable in
/etc/systemd/journald.conf
set
ForwardToSyslog=yes
rsyslog appears to have a listener configured (on centos at least) in
/etc/rsyslog.d/listen.conf
$SystemLogSocketName /run/systemd/journal/syslog
I guess you will need to restart the service
systemctl restart systemd-journald

see also
https://www.loggly.com/docs/systemd-logs/
https://forums.opensuse.org/showthread.php/488025-Syslog-and-journalctl
https://www.freedesktop.org/software/systemd/man/journald.conf.html

MuS · ‎02-17-2015

Hi templier,

your biggest trouble here is the binary format of the journalctl logs. Quick and dirty solutions would be:

run a wrapper for journalctl -f into a log file and monitor that in Splunk
or read this https://medium.com/coreos-linux-for-massive-server-deployments/coreos-logging-to-remote-destinations... where they use ncat to send journalctl output directly into Splunk

Hope this helps ...

cheers, MuS

templier · ‎02-17-2015

Hi.

Yes, both options are not perfect, but it seems if there is no other choice on them have to stop.
Now looking information whether it is possible simultaneously to configure logging to files (similar secure.log)

Thank you.

Feroda logs

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation