Discussion:
Store journal logs to different journals(location) based on Filters
P.R.Dinesh
2017-09-20 06:13:40 UTC
Is it possible to store journal logs matching specific filters to different
journal files in addition to the main journal using some journald
configurations?


For example, all journal logs of severity critical and above should be stored
in /var/log/critical/critial.journal in addition to the main journal.



Currently I am achieving this via combination of systemd-journal-remote and
journalctl as below

ExecStart=/lib/systemd/systemd-journal-remote --output=/var/log/critical/critical.journal --getter="journalctl -f PRIORITY=3 -o export"

With this approach, I have the following disadvantages:
1) For each filter/output combination, I need to create an additional service.
2) Sometimes we miss a few logs; couldn't root-cause it yet.
3) Also, I am not sure whether this would be better compared to
systemd-journald directly storing them in different journal files.



Hence, I would prefer a systemd-journald configuration like the following

TargetFilter1="PRIORITY=2"
TargetDestination1="/var/log/critical.journal"

TargetFilter2="_UNIT=CPROCESSOR"
TargetDestination2="/var/log/cprocessor.journal"

which will store those logs matching the filters to the corresponding
destination.
Michael Biebl
2017-09-20 11:24:22 UTC
Post by P.R.Dinesh
Is it possible to store journal logs matching specific filters to different
journal files in addition to the main journal using some journald
configurations?
No
Post by P.R.Dinesh
For example, all journal logs of severity critical and above should be stored
in /var/log/critical/critial.journal in addition to the main journal.
My recommendation would be to forward the log messages to your syslog
daemon (rsyslog, syslog-ng) and then use the filter mechanisms
provided by your syslog daemon to store the log messages into separate
files.
Julian Andres Klode
2017-09-20 11:55:59 UTC
Post by P.R.Dinesh
Is it possible to store journal logs matching specific filters to different
journal files in addition to the main journal using some journald
configurations?
For example, all journal logs of severity critical and above should be stored
in /var/log/critical/critial.journal in addition to the main journal.
Why? I mean the point of journal is that you can do this querying later
on via journalctl, so there's no point in storing them in different
files - just specify the priority you are interested in to journalctl
instead.
--
Debian Developer - deb.li/jak | jak-linux.org - free software dev
| Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline'). Thank you.
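
Added example, not part of the thread and not systemd code: the original post pipes `journalctl -o export` into a second process, and this Python code parses that export format (text fields as `KEY=value`, binary fields as a key line followed by a 64-bit little-endian length and the data) and copies each entry into every destination whose filter matches. The function names, the sample entries and the `cprocessor.service` unit name are assumptions; the two destination paths are taken from the post and used only as labels, with entries collected in memory rather than written as journal files.

```python
import io
import struct

def parse_export(stream):
    """Yield one dict of field -> bytes per entry in journal export format."""
    entry = {}
    for line in iter(stream.readline, b""):
        if line == b"\n":                 # blank line terminates an entry
            if entry:
                yield entry
            entry = {}
            continue
        line = line.rstrip(b"\n")
        if b"=" in line:                  # text field: KEY=value
            key, _, value = line.partition(b"=")
        else:                             # binary field: KEY, 64-bit LE size, data, newline
            header = stream.read(8)
            if len(header) != 8:
                raise ValueError("truncated binary field")
            key, value = line, stream.read(struct.unpack("<Q", header)[0])
            stream.read(1)                # newline that closes the field
        entry[key.decode()] = value
    if entry:                             # stream ended without a final blank line
        yield entry

def at_least(level):
    """Match entries at this severity or worse (numerically <= level)."""
    return lambda e: e.get("PRIORITY", b"").isdigit() and int(e["PRIORITY"]) <= level
def field_is(name, value):
    return lambda e: e.get(name) == value

def route(entries, rules):
    """Copy each entry into every destination whose predicate matches."""
    out = {dest: [] for dest, _ in rules}
    for e in entries:
        for dest, match in rules:
            if match(e):
                out[dest].append(e)
    return out

# Constructed sample stream; unit names and messages are made up.
SAMPLE = (b"PRIORITY=2\n_SYSTEMD_UNIT=cprocessor.service\nMESSAGE=disk failure\n\n"
          b"PRIORITY=6\n_SYSTEMD_UNIT=sshd.service\nMESSAGE=session opened\n\n"
          b"PRIORITY=3\n_SYSTEMD_UNIT=cprocessor.service\nMESSAGE\n"
          + struct.pack("<Q", 11) + b"line1\nline2\n\n")
RULES = [("/var/log/critical.journal", at_least(2)),
         ("/var/log/cprocessor.journal", field_is("_SYSTEMD_UNIT", b"cprocessor.service"))]
def demo():
    return route(parse_export(io.BytesIO(SAMPLE)), RULES)
```

Syslog priorities count downward in severity, so a threshold filter has to compare numerically; a single `PRIORITY=N` match selects exactly one level.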