Add ability for Vector to log to syslog directly

[positron96]

A note for the community

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Use Cases

When vector is installed as a systemd service (on Ubuntu and Debian at least), its logs are fed into journald, and when you view the logs via journalctl -u vector, they are all at INFO severity, hence no colorization. Even if vector reports errors/warnings (and ERROR/WARNING word is in the log text), the syslog severity is still INFO. In fact, I use vector to take system logs and send them to Loki+Grafana, and all vector logs are shown as INFO there as well (because I process syslog severity into grafana loglevel).

Attempted Solutions

I tried to find in the documentation on configuring vector a way to specify what logging method to use, didn't find anything.

Proposal

It would be nice to have proper syslog severity assigned to log events, to enable journalctl filtering, coloring and related features.

There could be a configuration option to send logs to stdout and color them internally (current behavior seems to do this and enables/disables coloring depending on terminal interactivity or something like that) or to send them to syslog with proper severity and facility. Systemd unit will then set this configuration (as a commandline switch or ENV var) to syslog, while default will be stdout.

References

No response

Version

tried on 0.30.0, 0.35.0, same behavior

[jszwedko]

Thanks for opening this @positron96 . I think I need to better understand the desired implementation here. Currently Vector simply outputs logs to stderr. It's up to the parent process to decide what to do with that output (e.g. for SystemD it is routed to JournalD by default). Is the request here to be able to have Vector log its output via JournalD or Syslog directly?

[positron96]

Hi @jszwedko. Yes, you got everything right. And to not break current behavior, the proposal is to make it configurable via command line switch or env variable, and keep current behavior as default.

[jszwedko]

Gotcha, I see. Let me retitle this issue to be to add the ability for Vector to log via syslog.

I think the way we'd be likely to enable this is to encourage users to use the internal_logs source to capture Vector's logs and route them to a socket sink. The missing link is that there is no syslog codec that can be used just yet. That's being worked on over here: #17668