Remote/central logging with RHEL 7
I am interested in the method that Red Hat suggests for remote logging in RHEL 7. The desired end result is to have guaranteed log delivery to a remote host over an encrypted channel.
As far as I can tell, journald doesn't natively support remote logging so the logs should be forwarded through rsyslog eg.
journal -> rsyslog --remote connection-- > rsyslog
With the addition of structured logging / json, is logging directly to a remote MongoDB instance a suggested alternative? eg.
journal -> rsyslog -> json --remote connection--> mongodb
Currently I use a combination of rsyslog with omrelp + stunnel to provide encrypted remote logging capabilities in RHEL 6 (because version of rsyslog/librelp shipped does not support native omrelp TLS). I believe the RHEL 7 version of rsyslog/librelp is still behind the version required for native omrelp + TLS too...
So what do people suggest?
What do you use for your logging solution?