Using the command:
/usr/bin/journalctl -o short -f | ncat {some-ip} {some port}
To forward journal output to some remote log tracking app.
Problem is that I'm missing the systemd unit / service name in the printout making it hard to tell which service produces what log line.
for example this is a nginx line :
Jun 25 07:51:09 localhost bash[497]: 10.23.132.98 - - [25/Jun/2014:07:51:09 +0000] "GET /page.html HTTP/1.1" 200 321 "https://{ip}" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36"
In the log there is bash[497] - the PID of the process. How can I add more data to the log ? For example the docker container name of this PID or the systemd service/unit name ?
In the end ive implemented this in a diffrent way
each service / systemd unit has a post execute script that uses :
/usr/bin/journalctl -u {unit name} -o short -f | sed 's/^/{unit name}/' | ncat {some-ip} {some port}
now i have the unit name in the begining of the log line ! and my log collector has unit names in the message !
example
journalctl -u mongodb.service -o short -f | sed 's/^/mongodb.service /' | ncat {some-ip} {some port}
will output :
mongodb Jun 26 09:11:35 localhost bash[1710]: 2014-06-26T09:11:35.714+0000 [rsHealthPoll] replset info mongodb-0:27017 heartbeat failed, retrying