|
|
|
@ -69,16 +69,25 @@ if (-e $conf->{state}){ |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
open JOURNAL, "journalctl -f -o json$cursor_arg |"; |
|
|
|
|
open JOURNAL, "/usr/bin/journalctl -f -o json$cursor_arg |"; |
|
|
|
|
while (my $entry = <JOURNAL>){ |
|
|
|
|
my $msg = from_json($entry); |
|
|
|
|
my $gelf = { |
|
|
|
|
version => 1.1, |
|
|
|
|
short_message => $msg->{MESSAGE}, |
|
|
|
|
host => $msg->{_HOSTNAME}, |
|
|
|
|
timestamp => int ($msg->{__REALTIME_TIMESTAMP} / (1000 * 1000)), |
|
|
|
|
level => $msg->{PRIORITY} |
|
|
|
|
version => 1.1, |
|
|
|
|
short_message => $msg->{MESSAGE}, |
|
|
|
|
host => $msg->{_HOSTNAME}, |
|
|
|
|
timestamp => int ($msg->{__REALTIME_TIMESTAMP} / (1000 * 1000)), |
|
|
|
|
level => $msg->{PRIORITY} |
|
|
|
|
}; |
|
|
|
|
# Now lets look at the message. If it starts with gelf: we can split it and have further |
|
|
|
|
# fields to send. I use this to handle httpd or nginx logs for example |
|
|
|
|
if ($msg->{MESSAGE} =~ m/^gelf:([a-zA-Z\d]+=([^\|])\|?)+/){ |
|
|
|
|
$msg->{MESSAGE} =~ s/^gelf://; |
|
|
|
|
foreach (split /\|/, $msg->{MESSAGE}){ |
|
|
|
|
my ($key,$val) = split /=/, $_; |
|
|
|
|
$gelf->{'_' . lc $key} = $val; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
foreach (grep !/^MESSAGE|_HOSTNAME|__REALTIME_TIMESTAMP|PRIORITY$/, keys %$msg){ |
|
|
|
|
my $key = lc (($_ =~ m/^_/) ? $_ : '_' . $_); |
|
|
|
|
$gelf->{$key} = $msg->{$_}; |
|
|
|
|