Remote/central logging with RHEL 7

Posted on

I am interested in the method that Red Hat suggests for remote logging in RHEL 7. The desired end result is to have guaranteed log delivery to a remote host over an encrypted channel.

As far as I can tell, journald doesn't natively support remote logging so the logs should be forwarded through rsyslog eg.
journal -> rsyslog --remote connection-- > rsyslog

With the addition of structured logging / json, is logging directly to a remote MongoDB instance a suggested alternative? eg.
journal -> rsyslog -> json --remote connection--> mongodb

Currently I use a combination of rsyslog with omrelp + stunnel to provide encrypted remote logging capabilities in RHEL 6 (because version of rsyslog/librelp shipped does not support native omrelp TLS). I believe the RHEL 7 version of rsyslog/librelp is still behind the version required for native omrelp + TLS too...

So what do people suggest?

What do you use for your logging solution?

pixdrift ‏‏‎ ‎'s picture

Responses