system() and systemd over kmsg (#150)

Adjusted Linux section expanding it with new usecases. Signed-off-by: Zsolt Gyulai (zgyulai) <zsolt.gyulai@quest.com>
syslog-ng · Feb 4, 2025 · 4b8d860 · 4b8d860
2 parents 2512a1d + 5040782
commit 4b8d860
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/doc/_admin-guide/060_Sources/180_System/README.md b/doc/_admin-guide/060_Sources/180_System/README.md
@@ -50,7 +50,10 @@ such messages without losing any information to CIM-aware applications
 |              | Note that on Linux, the so-rcvbuf() option of the system() source is automatically set to 8192.        |
 |              | If the host is running under systemd, {{ site.product.short_name }} reads directly from the systemd journal file using the systemd-journal() source.                        |
 |              | If the kernel of the host is version 3.5 or newer, and /dev/kmsg is seekable, {{ site.product.short_name }} will use that instead of /proc/kmsg, using the multi-line-mode(indented), keep-timestamp(no), and the format(linux-kmsg)options.                      |
-|              | If {{ site.product.short_name }} is running in a jail or a Linux Container (LXC), it will not read from the /dev/kmsg or /proc/kmsg files.                                 |
+|              |If {{ site.product.short_name }} is running in a jail or a Linux Container (LXC), it will not read from the `/dev/kmsg` or `/proc/kmsg` files.
+|              |With systemd: `systemd-journal();`
+|              |Without systemd, on kernel 3.5 or newer: `unix-dgram("/dev/log"); file("/dev/kmsg" program-override("kernel") flags(kernel) format("linux-kmsg") keep-timestamp(no));`
+|              |Without systemd, on kernels older than 3.5: `unix-dgram("/dev/log"); file("/proc/kmsg" program-override("kernel") flags(kernel) keep-timestamp(no));`
 | macOS        |     file("/var/log/system.log" follow-freq(1));      |
 |              | **NOTE:** Starting with version 3.7, the {{ site.product.short_name }} system() driver automatically extracts the msgid  from the message (if available), and stores it in the .solaris.msgid macro. To extract the msgid from the message without using the system()driver, use the **extract-solaris-msgid()** parser. You can find the exact source of the Solaris parser on GitHub.|
 | NetBSD       |     unix-dgram("/var/run/log");                      |