Linux Journal Output Module (omjournal)
Module Name: omjournal
Author: Rainer Gerhards <email@example.com>
Available since: 7.3.7
The omjournal output module provides an interface to the Linux journal. It is meant to be used in those cases where the Linux journal is being used as the sole system log database. With omjournal, messages from various sources (e.g. files and remote devices) can also be written to the journal and processed by its tools.
A typical use case we had on our mind is a SOHO environment, where the user wants to include syslog data obtained from the local router to be part of the journal data.
We suggest to check out our short presentation on rsyslog journal integration to learn more details of anticipated use cases.
Module Configuration Parameters:
Action Confguration Parameters:
- One needs to be careful that no message routing loop is created. The
systemd journal forwards messages it receives to the traditional syslog
system (if present). That means rsyslog will receive the same message that
it just wrote as new input on imuxsock. If not handled specially and assuming
all messages be written to the journal, the message would be emitted to the
journal again and a deadly loop is started.
To prevent that, imuxsock by default does not accept messages originating from its own process ID, aka it ignores messages from the current instance of rsyslogd. However, this setting can be changed, and if so the problem may occur.
We assume we have a DSL router inside the network and would like to receive its syslog message into the journal. Note that this configuration can be used without havoing any other syslog functionality at all (most importantly, there is no need to write any file to /var/log!). We assume syslog over UDP, as this is the most probable choice for the SOHO environment that this use case reflects. To log to syslog data to the journal, add the following snippet to rsyslog.conf:
Note that this can be your sole rsyslog.conf if you do not use rsyslog for anything else than receving the router syslog messages.
If you do not receive messages, you probably need to enable inbound UDP syslog traffic in your firewall.