Feature Request Systemd_Journald plugin

[tiny-pangolin]

Feature Request

An input plugin for the systemd journal that can capture the journald logs from one or all systemd services and sockets.

Proposal:

either use a socket or the core os systemd library to gather detailed log information from systemd.

Current behavior:

In order to get some data from the systemd journal syslog or journald needs to be configured to receive logs from journald and the syslog input plugin is used gather data.

Desired behavior

A native journald plugin that captures the detailed info directly from journald.

Use case:

it would be nice to have one place to grab all the logs for all services instead of having to setup tail for each file or service. It would also be a great way to get logs from early in the boot process that cannot be captured from syslog.

[Mic92]

This was already implemented here but than not merged because of its c dependency: https://github.com/influxdata/telegraf/pull/2569/files

[ajsicek]

what does it mean practically for beeing able to use it (soon)? :)

[tiny-pangolin]

That implemention won't be used since bringing in a c dependancy into a golang project is not easy to maintain

[Mic92]

In theory it should be possible to use the syslog input, like this (requires telegraf 1.20.0-rc0)

server = "unixgram:///run/systemd/journal/syslog";
best_effort = true;
syslog_standard = "RFC3164";

However the syslog parser is a bit too strict parsing tags because systemd does not limit their length.

[enspritz]

2023 Summer, Telegraf 1.26. Have there been any changes in the intervening period that enable this dream of having Telegraf read directly from the systemd/journald log stream?

[positron96]

If anyone is looking for alternatives, I switched to vector.dev for exact reason of supporting journald (and everything else I need).