DietPi
DietPi copied to clipboard
MichaIng
Add remote logging as an automated setup option
Creating a feature request
Is your feature request related to a problem? Please describe:
I have a couple dozen machines running dietpi and one of the first things I do is install rsyslog set to send all my logs to my network syslog receiver. That gets old fast, though I've got a "ckuethe-ize" script to install my usual set of packages, ssh keys, hosts files, other configs ...
Describe the solution you'd like:
I'd like to have a network log option that installs rsyslog, and then sends all logs to a specified syslog receiver rather than disk like full logging does.
Describe alternatives you've considered:
I did RTFM (making sure to read https://dietpi.com/docs/software/log_system/) to make sure this wasn't already implemented. My current alternative is copying in my local rsyslog.conf that does this.
Additional context
- ...
Many thanks for your request.
As I plan to remove rsyslog and logrotate completely (from dietpi-software, of course it can always be installed via apt), replacing it with mkdir /var/log/journal for persistent system logs right from the journal (instead of the round trip through rsyslog into a plain text file), maybe systemd-journald can be configured to send logs to a remote receiver directly. I'll have a look.
I'm not attached to rsyslog; it would be entirely satisfactory if systemd-journald could be told to just ship all the logs to syslog.example.com - especially if that could be specified in dietpi.txt at install time.
Barf!
According to journald.conf(5), systemd-journald can't directly forward to a syslog server and it systemd-journald-remote isn't as portable as regular syslog (and it's also not installed by default).
https://www.digitalocean.com/community/tutorials/how-to-centralize-logs-with-journald-on-debian-10
Just filed a bug on systemd... https://github.com/systemd/systemd/issues/23013
systemd-journal-remote seems to be exactly what you are looking for:
- https://packages.debian.org/bullseye/systemd-journal-remote
- https://manpages.debian.org/bullseye/systemd-journal-remote/systemd-journal-remote.8.en.html
What do you mean by "isn't as portable as regular syslog"?
Your issue at systemd sounds like you don't know about systemd-journald-remote, so I suggest you adjust it to mention the exact (portability) issue you face with it, instead of requesting to have remote syslog support integrated into basic systemd-journald (which I would be against, systemd is sufficiently bloated already, keep it modular where it is already).
Just arrived here seeing there is only two options for logging as of today. The one of the guys at systemd maintainer team[1] recommended to to use systemd/systemd-netlogd as a forwarder instead.
- [1] https://github.com/systemd/systemd/issues/7170#issuecomment-338734155
EDIT: added sources and correct spelling...
Hmm, netlogd seems to be not (natively) available on Debian at all. Interestingly I do not find any info about what the difference of both is. Do you have a reference about "systemd (no capital "s" and "d" 😉) maintainer team recommended"?
To clarify, systemd-journal-remote does not support standard syslog format and logs can only be received by another system using journald. This is why I mentioned systemd-netlogd which I came across while looking into this issue for exporting logs in syslog format.
Ah, so this is the difference, thanks for clarification. In case journal format is sufficient, at least currently it is easier to install systemd-journal-remote just via APT, without compiling. But it makes sense to have a standard syslog distribution as well.
Btw, generally you can have the same with rsyslog, isn't it? Sure by default it adds the local plain text files, which might not be wanted, but AFAIK this can be disabled so that it serves just as "r"(=remote)syslog daemon it is named after. But I guess systemd-netlogd is simpler to setup (after having it compiled already), being more tightly developed for this purpose.