2014-11-26 10:04:53 UTC
I have an interesting situation here, which I'm trying to wrap my head
around and solve. The problem is that I have a syslog daemon (syslog-ng
3.6.1) that has a native Journal source, meaning it can pull entries
from the Journal directly, and does not need the syslog forwarding
socket - and this is the default when running on a systemd-enabled
This works beautifully, except there's one problem:
Nov 26 10:41:05 eowyn systemd-journal: Forwarding to syslog missed 1343 messages.
On Debian, syslog forwarding is enabled by default, and since syslog-ng
reads from the journal, there's nothing listening on
/run/systemd/journal/syslog, and I get spammed with messages like the
I'm not sure how to solve this problem. As far as I see, I have the
1) Drop the native journal source and use syslog forwarding.
This is trivial to do, but I loose the extra fields and info the
Journal collects. I'd rather not do this.
2) Have a dummy listener on /run/systemd/journal/syslog, that just reads
everything and drops it on the floor.
This sounds fishy, and is a bit awkward to implement in the config.
This would also be an ugly hack, not a real solution.
3) Disable syslog forwarding if syslog-ng is installed
Not sure how this could be achieved, because journald.conf does not
belong to the syslog-ng package, therefore I can't fiddle its
settings from there. (Technically, I could, but I won't, that'd be
I'd appreciate any hints. (Disabling syslog forwarding by default is not