[rsyslog-notify] Forum Thread: Re: remote log to journald - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Mon Jun 29 20:30:11 CEST 2015
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25727#p25727
Message:
----------
does the journal even have a provision for client servername or IP address?
It looks like rsyslog doesn't currently pass these things to the journal,
from the code:
/* we can use more properties here, but let's see if there
* is some real user interest. We can always add later...
*/
r = sd_journal_send("MESSAGE=%s", getMSG(pMsg),
"PRIORITY=%d", sev,
"SYSLOG_FACILITY=%d", pMsg->iFacility,
"SYSLOG_IDENTIFIER=%s", tag,
NULL);
In the two years since this module was created, you are probably about the
first person to try and do this :-/
Rainer, it seems to me that we should pass a bunch more info here, possibly
including the contents of $!. For backwards compatibility with anything
people are doing today, how about a flag "structureddata" that when set to
yes sends all the variables in $! and a bunch of other things that are
useful when dealing with remote messages (hostname, fromhost, fromhost-ip,
timegenerated, timereceived)?
More information about the rsyslog-notify
mailing list