-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add RFC-5424 syslog forwarding support to journald
#32852
Comments
Frankly, I am not convinced we should really beef up the forward-to-syslog stuff, because it has the major issue that there's no buffering, i.e. you can never catch up, anything listening will not be able to catch up with what was logged before it started listening. The various syslog implementations I am aware of nowadays have plugins to read the data they need directly from the journal, and that does provide the buffering so that they can catch up with what was logged while they were offline. I think rather then beefing this concept up we probably should deprecate it instead, i.e. keep it around and working as it is now, but drop it from the docs, and hide it in the default .conf file we install. |
Indeed, the syslog protocol and implementations has all the issues you've mentioned (and perhaps more). However, it is also a reasonably simple protocol to implement, and thus there are many small (non-enterprise-ish) tools out there that do implement it (and for which it wouldn't be feasible to implement Thus, having support for it (both in the RFC-3164 and RFC-5424 variants) could offer an easy escape hatch for those that need it, without too much overhead on either side. For example, in my particular use-case, I have written myself a small Go-based syslog server that just stores logged messages in archived ( I could for example try to support the
What I describe here might be viewed as a "me" problem, which I can easily work-around. However this is just an use-case for supporting syslog (and the RFC-5424 format). There might be other similar use-cases out there.
I think that would lead to even more perceived lock-in from the |
I've tried to approach this problem from multiple angles, and I fail to find a solution that works:
Thus at the moment, even if one doesn't want to rely on RFC-5424, |
Component
systemd-journald
Is your feature request related to a problem? Please describe
At the moment, when configuring
ForwardToSyslog = yes
,systemd-journald
uses the UNIX socket domain/run/systemd/journal/syslog
to forward messages using RFC-3164.However, as #19251 describes (concerning the ingestion of syslog messages), sometimes it is useful to also have the forwarded messages conforming to RFC-5424 (instead of the current RFC-3164).
Describe the solution you'd like
Add a new
/etc/systemd/journald.conf
configuration option that allows the administrator to specify which protocol should the forwarded messages follow.For example:
I don't think the proposed solution in #19251 of using xattr to mark the supported protocol directly on the socket is a workable solution here, mainly because all currently existing syslog servers don't actually support setting xattr's on listening sockets.
Describe alternatives you've considered
No response
The systemd version you checked that didn't have the feature you are asking for
255
The text was updated successfully, but these errors were encountered: