fluent-plugin-systemd seem to log only sshd entries
235 views
Skip to first unread message
Stéphane Klein
Jul 17, 2017, 3:55:07 PM7/17/17
to Fluentd Google Group
Hi,
I use fluent-plugin-systemd plugin with this configuration:
<system>
log_level debug
</system>
<source>
@type systemd
path /var/log/journal
tag journal
<storage>
@type local
persistent true
path /fluentd/pos/journal.pos
</storage>
read_from_head true
</source>
<source>
@type http
port 9880
</source>
<filter **>
@type stdout
</filter>
<match **>
@type elasticsearch
host elasticsearch
port 9200
logstash_format true
type_name fluentd
</match>
My journald is configured with persistent option, then I have this files in /var/log/journal/:
# tree /var/log/journal/
/var/log/journal/
└── 8e26deeb0bd34f98a71d544e8005065b
├── system.journal
└── user-1000.journal
but fluentd fetch only sshd log entry:
https://gist.githubusercontent.com/harobed/4a793187f181c13719909494523d899e/raw/2b75910cadba2b7db80b20d29cae02601345f860/gistfile1.txt
I don't understand where is my issue.
Best regards,
Stéphane
I use fluent-plugin-systemd plugin with this configuration:
<system>
log_level debug
</system>
<source>
@type systemd
path /var/log/journal
tag journal
<storage>
@type local
persistent true
path /fluentd/pos/journal.pos
</storage>
read_from_head true
</source>
<source>
@type http
port 9880
</source>
<filter **>
@type stdout
</filter>
<match **>
@type elasticsearch
host elasticsearch
port 9200
logstash_format true
type_name fluentd
</match>
My journald is configured with persistent option, then I have this files in /var/log/journal/:
# tree /var/log/journal/
/var/log/journal/
└── 8e26deeb0bd34f98a71d544e8005065b
├── system.journal
└── user-1000.journal
but fluentd fetch only sshd log entry:
https://gist.githubusercontent.com/harobed/4a793187f181c13719909494523d899e/raw/2b75910cadba2b7db80b20d29cae02601345f860/gistfile1.txt
I don't understand where is my issue.
Best regards,
Stéphane
Stéphane Klein
Jul 18, 2017, 7:32:03 AM7/18/17
to Fluentd Google Group
fluent-plugin-systemd have also a buffer? I need to configure a flush_interval?
Stéphane Klein
Jul 18, 2017, 8:44:24 AM7/18/17
to Fluentd Google Group
My /etc/systemd/journald.conf config file:
SystemMaxUse=400M
SystemMaxFileSize=100M
Storage=persistent
SyncIntervalSec=30s
Stéphane Klein
Jul 18, 2017, 12:50:36 PM7/18/17
to Fluentd Google Group
Fixed with
environment:
- FLUENT_UID=0
in my docker-compose :)
Reply all
Reply to author
Forward
0 new messages