Systemd not able to ship logs if the instance is stopped and started

[ameyrk18]

Hi

I am using the below s/w versions. I am shipping system logs generated by journal using fluentd syslog plugin to graylog.

td-agent --> 1.2.2 fluent-plugin-systemd --> 1.0.1

I am shipping systemd logs by reading journal using systemd plugin. It absolutely works fine without any issues. Below is my config.

<system>
  log_level debug
</system>

<source>
  @type systemd
  tag journal
  path /var/log/journal
  #matches [{ "docker-compose": "" }]
  read_from_head false
  <storage>
    @type local
    persistent false
    path /var/log/td-agent/docker-compose.pos
  </storage>
  <entry>
    fields_strip_underscores true
    fields_lowercase true
  </entry>
</source>

<match journal>
@type copy
  <store>
    @type gelf
    host x.x.x.x
    port 12201
    flush_interval 5s
  </store>
#  <store>
#    @type stdout
#  </store>
</match>

However looks like there is an issue. I have daemonised fluentd using systemd. Whenever fluentd instance is rebooted the fluentd reads the the journal file until the last line recorded by journal using last bootid. The new messages which are generated by the latest boot id gets un recognised.

Is this an issue?

I have to restart fluentd process in order to fix this issue.

Thanks, Amey

[ameyrk18]

This was a config issue from my side. Buffer section was missing which was causing this problem. Apologies.

[errm]

Thanks for the report, I am glad you solved your issue... Is there anything we could have done with documentation to help you avoid this?