Journalctl / journald logs aren't going to work for me because I need individual log files that can be sent to different areas of our infrastructure for processing / archiving and a ton of other activities. Basically it is a non-starter to change the way the workflow around these logs works.
I have syslog-ng installed because the back-end systems use it to centralize files. I can't change that either - so syslog-ng is what I have to use.
It is professed that syslog-ng can read journald directly with the system() source, but it's just not happening. I see the logging information in journalctl, but can't get it to simply WRITE to a disk location to save my life. Most of the work going on is Perl, executed in cron - this works fine on other machines not running systemd/journald. It can't be this hard - what am I missing?
Thanks in advance - Please see my configs below
(journald.conf is default - no lines uncommented.. and Fedora 25's systemd doesn't seem to honor the ForwardToSyslog switch anyway.)
syslog-ng.conf
Code:
@version:3.9
@include "scl.conf"

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# Note: it also sources additional configuration files (*.conf)
# located in /etc/syslog-ng/conf.d/

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    chain_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_sys {
    system();
    internal();
    # udp(ip(0.0.0.0) port(514));
};

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" flush_lines(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };

filter f_kernel     { facility(kern); };
filter f_default    { level(info..emerg) and
                        not (facility(mail)
                        or facility(authpriv)
                        or facility(cron)); };
filter f_auth       { facility(authpriv); };
filter f_mail       { facility(mail); };
filter f_emergency  { level(emerg); };
filter f_news       { facility(uucp) or
                        (facility(news)
                        and level(crit..emerg)); };
filter f_boot       { facility(local7); };
filter f_cron       { facility(cron); };
filter f_appservers { facility(local4); host("(^jenkins|app$|app_d$)"); };

# Custom additions to support application
destination d_speciallogs {
    file("/var/log/perl_logs/${PROGRAM}.log"
        create_dirs(yes)
        owner("automagic")
        group("automagic")
        perm(0660)
        dir-owner("automagic")
        dir-group("automagic")
        dir-perm(770)
    );
};
destination d_DEBUG {
    file("/var/log/perl_logs/DEBUG.log"
        create_dirs(yes)
        owner("automagic")
        group("automagic")
        perm(0660)
        dir-owner("automagic")
        dir-group("automagic")
        dir-perm(770)
    );
};
destination d_INFO {
    file("/var/log/perl_logs/SYSINFO.log"
        create_dirs(yes)
        owner("automagic")
        group("automagic")
        perm(0660)
        dir-owner("automagic")
        dir-group("automagic")
        dir-perm(770)
    );
};
destination d_ERROR {
    file("/var/log/perl_logs/ERROR.log"
        create_dirs(yes)
        owner("automagic")
        group("automagic")
        perm(0660)
        dir-owner("automagic")
        dir-group("automagic")
        dir-perm(770)
    );
};
destination d_central_syslog { syslog("logcentral.server" transport("tcp")); };

#log { source(s_sys); filter(f_kernel); destination(d_cons); };
log { source(s_sys); filter(f_kernel); destination(d_kern); };
log { source(s_sys); filter(f_default); destination(d_mesg); };
log { source(s_sys); filter(f_auth); destination(d_auth); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_emergency); destination(d_mlal); };
log { source(s_sys); filter(f_news); destination(d_spol); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_cron); destination(d_cron); };

# Modified for custom Application
log { source(s_sys); filter(f_appservers); destination(d_central_syslog); destination(d_speciallogs); };
log { source(s_sys); filter(f_appservers); filter( f_DEBUG ); destination(d_DEBUG); };
log { source(s_sys); filter(f_appservers); filter( f_INFO ); destination(d_INFO); };
log { source(s_sys); filter(f_appservers); filter( f_ERROR ); destination(d_ERROR); };

filter f_DEBUG { level(debug..emerg); };
filter f_INFO  { level(info..emerg); };
filter f_ERROR { level(err..emerg); };

# Source additional configuration files (.conf extension only)
@include "/etc/syslog-ng/conf.d/*.conf"

# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
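
An added example, not part of the original post: a small Python model of the four application log paths in the posted config, showing which destinations a given facility / host / level combination would reach. It assumes both tests inside f_appservers must match and that Python's `re` behaves like syslog-ng's regex matching for this pattern; the `route` helper and the sample messages are constructed for illustration.

```python
import re

# Syslog severities, most severe first (numeric order 0..7).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def level_range(low, high):
    """Model level(low..high): every severity between the two names, inclusive."""
    a, b = sorted((LEVELS.index(low), LEVELS.index(high)))
    return set(LEVELS[a:b + 1])

# Pattern copied verbatim from filter f_appservers in the posted config.
HOST_RE = re.compile(r"(^jenkins|app$|app_d$)")

def f_appservers(msg):
    # Assumption: facility(local4) and host(...) must both hold.
    # The regex is unanchored, so it is a search over the HOST field.
    return msg["facility"] == "local4" and HOST_RE.search(msg["host"]) is not None

# The four log paths that use f_appservers: (extra level filter, destinations).
PATHS = [
    (None, ["d_central_syslog", "d_speciallogs"]),
    (level_range("debug", "emerg"), ["d_DEBUG"]),   # f_DEBUG
    (level_range("info", "emerg"), ["d_INFO"]),     # f_INFO
    (level_range("err", "emerg"), ["d_ERROR"]),     # f_ERROR
]

def route(msg):
    """Return the destinations a message reaches via the application log paths."""
    if not f_appservers(msg):
        return []
    reached = []
    for levels, dests in PATHS:
        if levels is None or msg["level"] in levels:
            reached.extend(dests)
    return reached

# Constructed sample messages; the host names are made up for the example.
SAMPLES = [
    {"host": "jenkins01", "facility": "local4", "level": "err"},
    {"host": "webapp", "facility": "local4", "level": "info"},
    {"host": "fedora25-box", "facility": "local4", "level": "err"},
    {"host": "webapp", "facility": "cron", "level": "info"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["host"], m["facility"], m["level"], "->", route(m) or "no application path")
```
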