#3507 [RFE] Create an OpenLMI provider for rsyslog
Opened 11 years ago by dpal. Modified 7 years ago

Create a provider to configure log collection on a given host.


rsyslog is very well serviced by the sblim-cmpi-syslog provider that has been around for some time. It generally works by parsing /etc/rsyslog.conf and collecting data from referenced log files in /var/log.

What I found is the inability to handle $IncludeConfig directives properly, thus not seeing any logs defined in /etc/rsyslog.d/ config files. Going to fix that.

Apart from mining log data, it also provides a Syslog_Service module that handles syslog service start/stop/status... This is kinda duplicate since we have a service OpenLMI provider now, but it supports systemd fully and is working.

With the introduction of journald, we would need a provider to mine that source, in case orthodox syslog daemons stop being shipped or enabled by default, or the user deliberately chooses to. I'm going to write a new journald provider as a part of the OpenLMI project (no ticket so far AFAIK).

Should there be any issues with the sblim-cmpi-syslog provider, please report any bugs to me.
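
The `$IncludeConfig` handling discussed in the comment above, as an added example (it is not part of the ticket and is not sblim-cmpi-syslog code): a small Python parser that follows `$IncludeConfig` globs and collects the log files that rules write to. It assumes legacy `selector action` rules only; the names `file_rules` and `demo` are hypothetical and the config tree is constructed in a temporary directory.

```python
import glob, os, re, tempfile

RULE = re.compile(r"^(\S+\.\S+)\s+(\S.*)$")   # "<selector> <action>"

def file_rules(path, seen=None):
    """Return (selector, log_file) pairs from `path` and every file it includes."""
    seen = set() if seen is None else seen
    real = os.path.realpath(path)
    if real in seen:                          # guard against include loops
        return []
    seen.add(real)
    rules = []
    with open(real, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("$"):
                parts = line.split(None, 1)
                if parts[0].lower() == "$includeconfig" and len(parts) == 2:
                    # Expand the glob in sorted order and recurse into each file.
                    for inc in sorted(glob.glob(parts[1])):
                        if os.path.isfile(inc):
                            rules += file_rules(inc, seen)
                continue                      # other $-directives are ignored here
            m = RULE.match(line)
            if m:
                target = m.group(2).strip().lstrip("-")  # leading "-" only disables sync
                if target.startswith("/"):    # keep file actions, skip @host, :omusrmsg: etc.
                    rules.append((m.group(1), target))
    return rules

def demo():
    """Build a constructed config tree in a temp dir and parse it."""
    with tempfile.TemporaryDirectory() as root:
        dropin = os.path.join(root, "rsyslog.d")
        os.mkdir(dropin)
        main = os.path.join(root, "rsyslog.conf")
        with open(main, "w") as fh:
            fh.write("$ModLoad imuxsock\n"
                     f"$IncludeConfig {dropin}/*.conf\n"
                     "authpriv.*  /var/log/secure\n"
                     "mail.*  -/var/log/maillog\n"
                     "*.emerg  :omusrmsg:*\n")
        with open(os.path.join(dropin, "app.conf"), "w") as fh:
            fh.write("# constructed drop-in\nlocal3.*  /var/log/app.log\n")
        return file_rules(main)

if __name__ == "__main__":
    print(demo())
```

A parser that skips the `$IncludeConfig` branch would return only the two rules from the main file and miss `/var/log/app.log`.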

Let us reopen the ticket for now until we make sure that all the aspects of the integration are covered by what is available.

Here are the use cases that I am mostly concerned about:

  1. Pointing rsyslog to an external log producing application to track and collect logs. Is it possible via the OpenLMI interface? Can you stop tracking the external application?
  2. Can you configure where the logs should be sent via OpenLMI? Can you configure it with Kerberos GSSAPI as described here http://www.rsyslog.com/doc/gssapi.html? Can you change the destination later?
  3. Can you configure filtering and proxy capabilities of rsyslog?

Similar questions would be asked about journald.
If this is all possible - great, can you please share how?
Instructions and OpenLMI example scriptlets would be really helpful.

To justify the closure of this ticket we need to have at least a design page on the FreeIPA wiki that would explain how to accomplish what is described above.

I see your point now. These are configuration concerns, highly rsyslog-specific I would say. We do not support that yet; from the configuration side, the provider is only capable of adding and deleting rules. Filtering can be modified in a limited way; however, there's no support for $-signed rsyslog directives.

I've added these to the wishlist I'm maintaining for the sblim provider: https://fedorahosted.org/openlmi/wiki/sblim-cmpi-syslog

Deferring for the reasons recorded in #3505.

Metadata Update from @dpal:
- Issue assigned to someone
- Issue set to the milestone: Tickets Deferred

7 years ago
