setting up a Cribl journald data source for journal logs on remote machine
Hello Cribl community. Anyone had experience on setting up a Cribl journald data source for journal logs on remote machine? Where can I specify the remote host information? Thanks in advance.
Answers
-
You're trying to read the Journal files remotely?
0 -
yes, I want to get remote journald logs. What's the optimal ways to do this? Is Cribl syslog data source an option too? Thanks.
0 -
We don't support Journald remote today, so syslog to Cribl Stream would be the best way unless you want to install the Edge agent on the Linux machine.
0 -
Edge can collect logs from journald files on the local host so you'd need to mount them somehow for that to work. You may be able to have systemd/journald send logs to a syslog interface on a Stream/Edge node. Not entirely sure I'm following the question though.
0 -
Thanks. So I cannot use Cribl Journald data source since it is not supported. As Paul mentioned, can I configure journald to forward to socket, then configure syslog-ng to listen on that socket, then forward to Cribl syslog data source?
0
