I'm running an application under systemd within CentOS 7. It logs to stdout and systemd is capturing that into journalctl just fine. I'd like to also:
- get a rotated text log file also saved to the local filesystem for familiarity to our sysadmins
- Get this data cleanly into logstash, ideally just the application logs, not all of syslog which also includes the OS messages, other applications, etc
I was initially researching using multilog from djb's daemontools but given systemd unit files don't like shell pipelines in ExecStart, plus there's no official RPM for daemontools that's part of CentOS, I'm hoping there's a less-cludgey approach.
I currently have logstash-forwarder reading syslog from /var/log/messages and /var/log/secure but I'd rather not include messages other than from this particular application.
A third party input plugin for logstash that reads the systemd journal directly is available. Adding support directly to logstash remains an open issue.Logstash now includes a systemd journal input plugin.
This would be only your basic solution something like this
journalctl -f -o json | tee -a /var/log/systemdYou would need log rotation for that file to take care of the size otherwise it will fill up so quickly
Definitely considering you don't need to deploy stuff like logstash or fluentd