I'm looking into options for log centralizing/monitoring for my home lab.
One obvious option is systemd-journal-remote. However, most guides on the web seem to use the "passive"-source variant, i.e. the log-aggregating server listens for connections and the leaf nodes use systemd-journal-upload to upload their logs to the server.
However, I have no log-aggregating server but want to read all the logs on my personal laptop. This is my most trusted machine and I would like to avoid opening firewall ports on it. Hence, I would like to poll the data, i.e. running "systemd-journal-remote --url=ADDRESS" on my laptop and running systemd-journal-gatewayd on the leaf nodes (after opening ports on the leaf nodes).
This works fine with a single leaf-node, but trying it with two leaf-nodes:
/usr/lib/systemd/systemd-journal-remote --url="http://192.168.1.2:19531/entries?boot&follow" --url="http://192.168.1.3:19531/entries?boot&follow"
errors with
systemd-journal-remote[166664]: cannot currently set more than one --url
Is there a recommended/established way to do this?
Do I have to run a separate polling service for each individual machine? This seems cumbersome.
The work-around would be to provision a dedicated log-aggregating VM that's listening to all leaf-nodes, configure the leaf-nodes to upload to the VM, and then somehow poll the VM from my laptop. Is there a simpler way?
Doesn't have to scale beyond 10 leaf-nodes or so.
Thanks a lot in advance!
Last edited by stri (2023-04-27 15:48:13)