new source: dmesg #3680

Open
Hoverbear opened this issue Sep 2, 2020 · 4 comments
Labels
domain: logs Anything related to Vector's log events domain: sources Anything related to the Vector's sources needs: approval Needs review & approval before work can begin. needs: more demand Needs more demand before work can begin, +1 or comment to support. source: new A request for a new source type: feature A value-adding code addition that introduce new functionality.

Comments

@Hoverbear
Contributor

Hoverbear commented Sep 2, 2020

Inspired by the output of https://github.com/polyverse/rmesg, we noted that a source which creates new events from kernel dmesg logs.

It should turn each dmesg event into a Vector event.

```toml
[sources.kernel_dmesg]
type = "dmesg"
```

We can use rmesg to do this.

@Hoverbear Hoverbear added type: enhancement A value-adding code change that enhances its existing functionality. needs: approval Needs review & approval before work can begin. labels Sep 2, 2020
@MOZGIII
Contributor

MOZGIII commented Dec 3, 2020

Would be useful at #5362

@binarylogic binarylogic added the needs: more demand Needs more demand before work can begin, +1 or comment to support. label Jan 6, 2021
@binarylogic
Contributor

@MOZGIII in what way? I'm curious how critical this is. I'd like to see if we get more user demand for this feature.

@gvalkov

gvalkov commented Jan 29, 2021

This would be useful and if it was available, we would use it to process nftables/iptables log messages from the kernel log.

Instead of providing a separate source, you could also extend the capabilities of the journald source (i.e. journalctl SYSLOG_IDENTIFIER=kernel or journalctl -k).

@binarylogic binarylogic added domain: sources Anything related to the Vector's sources type: feature A value-adding code addition that introduce new functionality. domain: logs Anything related to Vector's log events and removed type: enhancement A value-adding code change that enhances its existing functionality. labels Feb 21, 2021
@jszwedko
Member

Just noting here that I'm adding `ProtectKernelLogs=yes` as part of #6555, so if we do implement this, we should remove that setting (or guide users to if they use the dmesg source).
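As an added illustration of what the thread asks for (not code from Vector, rmesg or any commenter), the Rust below parses one record in the Linux `/dev/kmsg` layout into a structured event and lifts `KEY=value` tokens, such as those in netfilter LOG lines, into fields. The names `KmsgEvent` and `parse_kmsg` and the sample record are assumptions constructed for this example.

```rust
// Added example, not Vector or rmesg code. Assumed record layout (Linux
// /dev/kmsg): "<prio>,<seq>,<usec>,<flags>[,...];<message>".
use std::collections::BTreeMap;

#[derive(Debug, PartialEq)]
pub struct KmsgEvent {
    pub facility: u32,     // syslog facility, 0 = kernel
    pub level: u32,        // syslog severity, 0 = emerg .. 7 = debug
    pub sequence: u64,     // ring-buffer sequence number
    pub timestamp_us: u64, // microseconds on the kernel's monotonic clock
    pub message: String,
    pub fields: BTreeMap<String, String>, // upper-case KEY=value tokens
}

pub fn parse_kmsg(record: &str) -> Option<KmsgEvent> {
    // Continuation lines (" SUBSYSTEM=...") start with a space; they are not records.
    if record.starts_with(' ') { return None; }
    let (header, message) = record.split_once(';')?;
    let mut parts = header.split(',');
    let prio: u32 = parts.next()?.parse().ok()?;
    let sequence: u64 = parts.next()?.parse().ok()?;
    let timestamp_us: u64 = parts.next()?.parse().ok()?;
    let fields: BTreeMap<String, String> = message.split_whitespace()
        .filter_map(|t| t.split_once('='))
        .filter(|(k, _)| !k.is_empty() && k.chars().all(|c| c.is_ascii_uppercase()))
        .map(|(k, v)| (k.to_string(), v.to_string()))
        .collect();
    Some(KmsgEvent {
        facility: prio >> 3, // priority = facility * 8 + level
        level: prio & 7,
        sequence,
        timestamp_us,
        message: message.trim_end().to_string(),
        fields,
    })
}

fn main() {
    // Constructed sample record; addresses are from documentation ranges.
    let line = "4,1201,5123456789,-;DROP-IN: IN=eth0 OUT= SRC=192.0.2.10 \
                DST=198.51.100.7 PROTO=TCP SPT=51514 DPT=22";
    println!("{:?}", parse_kmsg(line));
}
```

Reading the live buffer from `/dev/kmsg` is what a unit running with `ProtectKernelLogs=yes` is denied, which is why the last comment ties that setting to this source.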

5 participants