The documentation actually is amazing, but for me (maybe for someone else) it's not clear: can I use the rotating logs setup with the logspout?

For example, I have the following command for starting some docker container:

docker run --log-opt max-size=10m --log-opt max-file=5 ...

And the Logstash command is:

docker run -d --name=logspout\
 --volume=/var/run/docker.sock:

I noticed that there is code in afsocket which looks like it should be setting a 60 second keepalive interval on the socket:

https://github.com/syslog-ng/syslog-ng/blob/master/modules/afsocket/socket-options-inet.c#L234

#if defined(TCP_KEEPTIME) && defined(TCP_KEEPIDLE) && defined(TCP_KEEPCNT)
  self->tcp_keepalive_time = 60;
  self->tcp_keepalive_intvl = 10;
  self->tcp_keepalive_prob

Adding a way to clear the screen and mark a line is good idea, as we might have several lines/pages on each updated and can be hard to known where to start reading.
Clear will also clear stored buffer and mark can be used to track some event

For clean, a small button/trash is probably good enough, mark would be great if you could click or select with the mouse

Hello -

If windows support has been merged into Frontail as mentioned in #194 then the readme should be updated to include it.

Currently the readme states:

Installation options
download a binary file from Releases page (currently **frontail doesn't work on Windows**)

currently when rsyslog starts, it checks to see if a pidfile exists, and if it exists, rsyslog refuses to start.

However, if rsyslog crashes or is killed with a -9, it does not have a chance to remove the pidfile and so a replacement cannot be started

As an enhancement, rather than just depending only on the existance of a pid file, rsyslog should look in the pid file and check to see if the

The syslog header should be stripped, stored in a separate filed, but it should not be presented directly in search results. It should be accessible some other way.

Hi! I've recently become more interested in structured logging, and have looked into a few structured logging libraries.

You get amazing power when you dump the logs from all of your different systems and sources into a centralized log store, and can then view and analyze them as one whole.

What I've noticed though is that the various structured logging frameworks all save JSON log entries i

Hi,

First off - thanks for all the hard work that's gone into the integration documentation and examples! Really made it easy to get started with Papertrail.

I'd like to suggest one improvement to the Elastic Beanstalk example, however. As written, examples/remote_syslog.ebextensions.config uses a container_command to restart remote_syslog. However, container_command items are execut

I should add change log section in the README.md

syslog via /dev/log incorrectly assumes existence of 'hostname' in the message, and thus uses the first word in the message as 'tag'. The parsers must be parametrized to know if they should parse a hostname or not.

This is a great app and thank you for making it.

As a user, it was unclear to me how to add a Filter value, for example, Filter: Only see Error messages. I see how I can sort. And I see how I can search for Error. But that is then doing a full text search through the error content as well.

Is your feature request related to a problem? Please describe.

I have some issues around the "date" and "time" fields which come from syslog, either as pipe-delimited fields or as mapped JSON fields.

The fundamental question is: are these fields actually used for anything, apart from being included in alert messages? And does it matter if the format is not YYYY-MM-DD or HH:MM:SS?

**

希望作者能够提供上述方法

Improve error message when running tlog-play -r journal without a -M argument

unexpected character
Failed reading the source at entry 0

Context

Documentation to the input is out of date and does not include information on AWS Authentication wizard
https://docs.graylog.org/en/latest/pages/integrations/inputs

The official and locally built napalm-logs Docker container I made don't support the kafka transport. Upon inspection, I realized that kafka-python is missing from requirements.txt--so it will never make it into the container. I've fixed this in my fork, but wanted to know if that was deliberately left out or if there's a way to get it into the Docker container other than this that I'm not aware o

It is not uncommon to run multiple alertmanagers, think for example a cluster of alertmanagers for each region you are hosting services in.

The current plugin allows you to only target a single AlertManager.

We use Alerta to group/visualize all our alerts from different monitoring systems and from different alertmanagers - it would be very convenient if this plugin would allow one to silence