I found a minimal solution, which I don't quite understand.
I ended up creating an rsyslog config at /etc/rsyslog.d/my-namespace.conf with the content:input(type="imuxsock" Socket="/run/systemd/journal.my-namespace/syslog")
I guess with this rsyslog manages the socket, creating it if it doesn't exist.
It seems like magic to me though. I didn't configure anything else. How does journald know to write to this new socket?
On Wed, Dec 28, 2022 at 9:55 AM Mantas Mikulėnas <grawity@xxxxxxxxx> wrote:
The easiest way might be to just symlink it from the existing socket with `ln -s ../journal/syslog /run/systemd/journal.my-namespace`... other than that, depends on the syslog daemon, e.g. an additional unix-stream() for syslog-ng or imuxsock for rsyslogd. (The socket for the main namespace is set up through syslog.socket, but not sure whether adding a second ListenStream= would work for that.)On Wed, Dec 28, 2022 at 2:05 PM Aaron Enberg <pastaaroni@xxxxxxxxx> wrote:/run/systemd/journal/syslog exists and I am sure that ForwardToSyslog=yes is set on the default namespace.I’d like to setup an additional socket at /run/systemd/journal.my-namespace/syslog to forward logs to syslog from my own namespace. Can you point me to the documentation for how I should do this?On Wed, Dec 28, 2022 at 2:32 AM Mantas Mikulėnas <grawity@xxxxxxxxx> wrote:The forwarding itself is namespaced. ForwardToSyslog relies on the syslogd daemon setting up a receiving socket at /run/systemd/journal/syslog through which journald will send the messages – but for namespaced journald, the runtime directory is different (the point of it being namespaced) so the syslogd needs to set up an additional socket at /run/systemd/journal.my-namespace/syslog as well.(Though are you sure the system was using ForwardToSyslog, and not some other method? The default configuration of both rsyslog and syslog-ng no longer uses this forwarding style, instead the syslogd directly imports messages from .journal files – which again needs the syslogd to be configured to read from the namespaced path in addition to the default path.)On Tue, Dec 27, 2022 at 11:01 PM Aaron Enberg <pastaaroni@xxxxxxxxx> wrote:Hi maintainers,I am trying to get syslog forwarding working with a journal namespace I created for my application.My system is on Debian 11, systemd 247 (247.3-7+deb11u1)Originally, my service used the default namespace and forwarding to syslog was working. After creating a journal namespace and assigning my service to it with LogNamespace=my-namespace now the logs from my application do not get forwarded to syslog. I have made sure /etc/systemd/journald@xxxxxxxxxxxxxxxxx exists and contains the setting ForwardToSyslog=yes. I actually just copied the default config at /etc/systemd/journal.conf which has forwarding enabled by default. I can see the logs in the journal with journalctl --namespace my-namespace.I haven't seen any bugs reported on this so I must be missing something.Regards,Aaron
--Mantas Mikulėnas
--Mantas Mikulėnas
