Hello Cribl community. Anyone had experience on setting up a Cribl journald data source for journal logs on remote machine? Where can I specify the remote host information? Thanks in advance.
Page 1 / 1
You're trying to read the Journal files remotely?
yes, I want to get remote journald logs. What's the optimal ways to do this? Is Cribl syslog data source an option too? Thanks.
We don't support Journald remote today, so syslog to Cribl Stream would be the best way unless you want to install the Edge agent on the Linux machine.
Edge can collect logs from journald files on the local host so you'd need to mount them somehow for that to work. You may be able to have systemd/journald send logs to a syslog interface on a Stream/Edge node. Not entirely sure I'm following the question though.
Thanks. So I cannot use Cribl Journald data source since it is not supported. As Paul mentioned, can I configure journald to forward to socket, then configure syslog-ng to listen on that socket, then forward to Cribl syslog data source?
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.