Skip to main content

getting logs from systemd unit into flat files and logstash [Resolved]

I'm running an application under systemd within CentOS 7. It logs to stdout and systemd is capturing that into journalctl just fine. I'd like to also:

  1. get a rotated text log file also saved to the local filesystem for familiarity to our sysadmins
  2. Get this data cleanly into logstash, ideally just the application logs, not all of syslog which also includes the OS messages, other applications, etc

I was initially researching using multilog from djb's daemontools but given systemd unit files don't like shell pipelines in ExecStart, plus there's no official RPM for daemontools that's part of CentOS, I'm hoping there's a less-cludgey approach.

I currently have logstash-forwarder reading syslog from /var/log/messages and /var/log/secure but I'd rather not include messages other than from this particular application.

Question Credit: Peter Lyons
Question Reference
Asked October 11, 2017
Posted Under: Network
2 Answers

This would be only your basic solution something like this journalctl -f -o json | tee -a /var/log/systemd

You would need log rotation for that file to take care of the size otherwise it will fill up so quickly

Definitely considering you don't need to deploy stuff like logstash or fluentd

credit: Abdel Hegazi
Answered October 11, 2017
Your Answer