getting logs from systemd unit into flat files and logstash [Resolved]

I'm running an application under systemd within CentOS 7. It logs to stdout and systemd is capturing that into journalctl just fine. I'd like to also:

  1. Get a rotated text log file also saved to the local filesystem, for familiarity to our sysadmins.
  2. Get this data cleanly into logstash, ideally just the application logs, not all of syslog, which also includes the OS messages, other applications, etc.

I was initially researching using multilog from djb's daemontools, but given systemd unit files don't like shell pipelines in ExecStart, plus there's no official RPM for daemontools that's part of CentOS, I'm hoping there's a less kludgy approach.

I currently have logstash-forwarder reading syslog from /var/log/messages and /var/log/secure but I'd rather not include messages other than from this particular application.

Asked October 11, 2017
2 Answers

This would be only your basic solution, something like this:

    journalctl -f -o json | tee -a /var/log/systemd

You would need log rotation for that file to take care of the size, otherwise it will fill up so quickly.

Definitely considering you don't need to deploy stuff like logstash or fluentd

Answered October 11, 2017
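
An added example, not part of the original question or answer: a small filter that reads the `journalctl -o json` stream suggested above, keeps only one unit's records, and writes them to a size-rotated text file. The unit name `myapp.service`, the script name, the output path and the rotation limits are assumptions; the field names are the standard journal fields.

```python
# Usage (assumed names): journalctl -u myapp.service -f -o json | python3 journal_to_file.py myapp.service /var/log/myapp.log
import json
import logging
import logging.handlers
import sys
from datetime import datetime, timezone

# Constructed sample records in the shape `journalctl -o json` prints (one JSON object per line).
SAMPLE = [
    '{"__REALTIME_TIMESTAMP":"1507680000000000","_SYSTEMD_UNIT":"myapp.service","SYSLOG_IDENTIFIER":"myapp","MESSAGE":"started"}',
    '{"__REALTIME_TIMESTAMP":"1507680001000000","_SYSTEMD_UNIT":"sshd.service","SYSLOG_IDENTIFIER":"sshd","MESSAGE":"Accepted publickey"}',
    '{"__REALTIME_TIMESTAMP":"1507680002000000","_SYSTEMD_UNIT":"myapp.service","SYSLOG_IDENTIFIER":"myapp","MESSAGE":[111,107,10,33]}',
]

def field_text(value):
    """Turn a journal JSON field into single-line text."""
    if isinstance(value, list):   # fields with non-printable/non-UTF-8 bytes arrive as byte arrays
        value = bytes(value).decode("utf-8", "replace")
    if value is None:             # oversized fields arrive as null
        return ""
    # Escape control characters so an embedded newline cannot forge a second log line.
    return "".join(c if c.isprintable() else c.encode("unicode_escape").decode("ascii") for c in str(value))

def format_entry(line, unit):
    """Return one text line for a record logged by `unit`, or None to drop it."""
    try:
        rec = json.loads(line)
        if rec.get("_SYSTEMD_UNIT") != unit:
            return None
        usec = int(rec.get("__REALTIME_TIMESTAMP", 0))
    except (ValueError, TypeError, AttributeError):
        return None
    ts = datetime.fromtimestamp(usec / 1_000_000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{ts} {field_text(rec.get('SYSLOG_IDENTIFIER'))}: {field_text(rec.get('MESSAGE'))}"

def main(unit, path):
    # Size-based rotation: 10 MiB per file, 5 old files kept (illustrative values).
    handler = logging.handlers.RotatingFileHandler(path, maxBytes=10 * 1024 * 1024, backupCount=5)
    handler.setFormatter(logging.Formatter("%(message)s"))
    log = logging.getLogger("journal-to-file")
    log.setLevel(logging.INFO)
    log.addHandler(handler)
    for line in sys.stdin:
        text = format_entry(line, unit)
        if text is not None:
            log.info(text)

if __name__ == "__main__":
    main(sys.argv[1], sys.argv[2])
```

Because the output file contains only the one unit's lines, a log shipper can be pointed at it instead of /var/log/messages.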
