Michael Fischer wrote:
On Wed, Sep 07, Andrei Borzenkov wrote:
Отправлено с iPhone
7 сент. 2016 г., в 9:08, Per Jessen
написал(а): Andrei Borzenkov wrote:
Not really. It depends on how syslog-ng gets messages from journald. If it is configured as journald client (as opposed to listening on socket) then it can only get messages that had been stored.
The default config uses "system()" which almost certainly means /dev/log.
When journald is active, it takes over /dev/log and forwards messages over alternate socket; syslog daemon must be explicitly configured to listen to this alternate socket.
From syslog-ng system() documentation:
If the host is running under systemd, syslog-ng OSE reads directly from the systemd journal file using the systemd-journal() source.--
Aha. That was the pointer I was looking for. Interestingly, this seems to happen "under the hood": the strings "systemd" and "journal" appear nowhere under /etc/syslog-ng nor in /etc/sysconfig/syslog.
In syslog-ng, I think the system() source does it all for you. There is some documentation though: https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-o... -- Per Jessen, Zürich (22.8°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org