A note for the community

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Use Cases

I am ingesting logs with vector and want to visualize them using journalctl, locally on my server next to system logs, providing a single point of entry when troubleshooting an issue in the console.

Attempted Solutions

Using systemd-cat in the manner described in this blog post https://www.sherbers.de/continuously-import-logfiles-into-journald/ is a poor but working solution. Unfortunately, it has none of the advanced parsing, formatting and reliability features of vector (ability to make identifier, timestamp, and severity dynamic, as well as add metadata, and track position in input files)

Within vector, I tried using the socket sink to send messages to various sockets as shown here https://www.gabriel.urdhr.fr/2015/04/29/journald-workflow/ , but unfortunately for stream it needs a prologue, and syslog and native have a protocol mismatch:

2023-11-16T21:20:37.857783Z ERROR vector::topology::builder: msg="Healthcheck failed." error=Failed connecting to socket at path /run/systemd/journal/socket: Protocol wrong type for socket (os error 91) component_kind="sink" component_type="socket" component_id=devlog

Proposal

Implement a journald sink, either using the C bindings directly (sd_journal_send()), or through the proper protocol for the above mentioned sockets.

References

No response

Version

vector 0.34.0 (x86_64-unknown-linux-gnu c909b66 2023-11-07 15:07:26.748571656)