systemd-syslog: Collect systemd messages using a socket

On platforms running systemd, the systemd-syslog() driver reads the log messages of systemd using the /run/systemd/journal/syslog socket. Note the following points about this driver:

  • If possible, use the more reliable systemd-journal() driver instead.

  • The socket activation of systemd is buggy, causing some log messages to get lost during system startup.

  • If AxoSyslog is running in a jail or a Linux Container (LXC), it will not read from the /dev/kmsg or /proc/kmsg files.

Declaration:

   systemd-syslog();

Example: Using the systemd-syslog() driver

    @version: 4.9.0

    source s_systemdd {
        systemd-syslog();
    };

    destination d_network {
        syslog("server.host");
    };

    log {
        source(s_systemdd);
        destination(d_network);
    };

systemd-syslog() source options

The systemd-syslog() driver has the following options:

check-hostname()

Type: boolean (yes or no)
Default: Use the global check-hostname() option, which defaults to no.

Checks that the hostname contains valid characters. Uses the value of the global option if not specified.

hook-commands()

Description: This option makes it possible to execute external programs when the relevant driver is initialized or torn down. The hook-commands() can be used with all source and destination drivers with the exception of the usertty() and internal() drivers.

Using hook-commands() when AxoSyslog starts or stops

To execute an external program when AxoSyslog starts or stops, use the following options:

startup()

Type: string
Default: N/A

Description: Defines the external program that is executed as AxoSyslog starts.

shutdown()

Type: string
Default: N/A

Description: Defines the external program that is executed as AxoSyslog stops.

Using hook-commands() when AxoSyslog reloads

To execute an external program when the AxoSyslog configuration is initiated or torn down, for example, on startup/shutdown or during an AxoSyslog reload, use the following options:

setup()

Type: string
Default: N/A

Description: Defines an external program that is executed when the AxoSyslog configuration is initiated, for example, on startup or during an AxoSyslog reload.

teardown()

Type: string
Default: N/A

Description: Defines an external program that is executed when the AxoSyslog configuration is stopped or torn down, for example, on shutdown or during an AxoSyslog reload.

Example: Using hook-commands() with a network source

In the following example, hook-commands() is used with the network() driver to open a port in iptables automatically when AxoSyslog starts and to close it when AxoSyslog stops.

The assumption in this example is that the LOGCHAIN chain is part of a larger ruleset that routes traffic to it. While the rule created by AxoSyslog is in place, packets can flow; otherwise the port is closed.

    # UDP source whose firewall rule is added at startup and removed at shutdown
    source s_network {
        network(
            transport(udp)
            hook-commands(
                startup("iptables -I LOGCHAIN 1 -p udp --dport 514 -j ACCEPT")
                shutdown("iptables -D LOGCHAIN 1")
            )
        );
    };
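An added example, not part of the AxoSyslog documentation: a hook script for the LOGCHAIN rule in the example above that inserts the rule only when it is missing and deletes it by rule specification, because `iptables -D LOGCHAIN 1` removes whichever rule is first in the chain at shutdown time. The function names, the `IPTABLES` override and the script path in the note below are assumptions.

```shell
#!/bin/sh
# Added example: idempotent open/close of the syslog UDP port in LOGCHAIN.
# Function names and the IPTABLES override are assumptions for illustration.

IPTABLES="${IPTABLES:-iptables}"   # override to dry-run against a stub
CHAIN="LOGCHAIN"
RULE="-p udp --dport 514 -j ACCEPT"

# Insert the rule only if an identical one is not already present, so a
# restart after an unclean stop does not stack duplicate ACCEPT rules.
open_log_port() {
    # RULE is left unquoted on purpose so it splits into separate arguments.
    if "$IPTABLES" -C "$CHAIN" $RULE 2>/dev/null; then
        return 0
    fi
    "$IPTABLES" -I "$CHAIN" 1 $RULE
}

# Delete by rule specification instead of by position. Loop until the check
# fails so that leftover duplicates are removed as well.
close_log_port() {
    while "$IPTABLES" -C "$CHAIN" $RULE 2>/dev/null; do
        "$IPTABLES" -D "$CHAIN" $RULE || return 1
    done
}

case "${1:-}" in
    open)  open_log_port ;;
    close) close_log_port ;;
    "")    : ;;   # no argument: only define the functions
    *)     echo "usage: $0 open|close" >&2; exit 2 ;;
esac
```

If the script is installed as, for example, /usr/local/sbin/logport.sh (a hypothetical path), the hooks become startup("/usr/local/sbin/logport.sh open") and shutdown("/usr/local/sbin/logport.sh close"). The script should be writable only by root.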

idle-timeout()

Accepted values: number [seconds]
Default: 0 (disabled)

Available in AxoSyslog 4.9 and later.

If set, AxoSyslog closes the client connection if no data is received for the specified amount of time (in seconds).