I'm used to sending my logs from a server to a remote Logstash using rsyslog, with a configuration file roughly as follows (usually more specific to prevent too many logs from being sent):
*.* @192.168.5.5:5000
I'm now starting work on a server that does not have syslog running but instead uses journald. Is there a similar way to send the logs to Logstash with journald as is done with Syslog, or does it require more work? I can't find much information online regarding the use of Logstash with journald.
Best Answer
There is no official support, but there is an open issue to get it added. It turns out there are a few plugins that shim in this support, notably logstash-input-journald.