Create a provider to configure log collection on a given host.
rsyslog is very well serviced by the sblim-cmpi-syslog provider that has been around for some time. It generally works by parsing /etc/rsyslog.conf and collecting data from referenced log files in /var/log.
What I found is the inability to handle $IncludeConfig directives properly, thus not seeing any logs defined in /etc/rsyslog.d/ config files. Going to fix that.
Apart from mining log data, it also provides Syslog_Service module that is handling syslog service start/stop/status... This is kinda duplicate since we have a service OpenLMI provider now, but it supports systemd fully and is working.
With the introduction of journald, we would need a provider to mine that source, in case orthodox syslog daemons are being stopped shipped or enabled by default, or user deliberately chooses to. I'm going to write new journald provider as a part of the OpenLMI project (no ticket so far AFAIK).
Should there be any issues with the sblim-cmpi-syslog provider, please report any bugs to me.
Let us reopen the ticket for now until we make sure that all the aspects of the integration are covered by what is available.
Here are the use cases that I am mostly concerned about:
The similar questions would be asked about journald. If this is all possible - great, can you please share how? Instructions and OpenLMI example scriplets would be really helpful.
To justify the closure of this ticket we need to have at least a design page on the FreeIPA wiki that would explain how to accomplish what is described above.
I see your point now. These are configuration concerns, highly rsyslog-specific I would say. We do not support that yet, from the configuration side the provider is only capable of adding and deleting rules. Filtering can be modified in a limitied way, however there's no support for $-signed rsyslog directives.
I've added these to the wishlist I'm maintaining for the sblim provider: https://fedorahosted.org/openlmi/wiki/sblim-cmpi-syslog
Deferring for the reasons recorded in #3505.
Metadata Update from @dpal: - Issue assigned to someone - Issue set to the milestone: Tickets Deferred
Login to comment on this ticket.