# system: Collect the system-specific log messages of a platform Starting with version 3.2, AxoSyslog can automatically collect the system-specific log messages of the host on a number of platforms using the `system()` driver. If the `system()` driver is included in the AxoSyslog configuration file, AxoSyslog automatically adds the following sources to the AxoSyslog configuration. Note AxoSyslog versions 3.2-3.3 used an external script to generate the `system()` source, but this was problematic in certain situations, for example, when the host used a strict AppArmor profile. Therefore, the `system()` source is now generated internally in AxoSyslog. The `system()` driver is also used in the default configuration file of AxoSyslog. For details on the default configuration file, see [Example: The default configuration file of [%=General.OSE%]](../../docs/axosyslog-core/quickstart/configure-clients/index.md). Starting with AxoSyslog version 3.6, you can use the `system-expand` command-line utility (which is a shell script, located in the `modules/system-source/` directory) to display the configuration that the `system()` source will use. Warning If AxoSyslog does not recognize the platform it is installed on, it does not add any sources. Starting with version 3.6, AxoSyslog parses messages complying with the [Splunk Common Information Model (CIM)]() and marked with `@cim` as JSON messages (for example, the ulogd from the netfilter project can emit such messages). That way, you can forward such messages without losing any information to CIM-aware applications (for example, Splunk). Sources automatically added by AxoSyslog Platform | Message source ---|--- AIX | ` unix-dgram("/dev/log"); ` FreeBSD | ` unix-dgram("/var/run/log"); ` ` unix-dgram("/var/run/logpriv" perm(0600)); ` ` file("/dev/klog" follow-freq(0) program-override("kernel") flags(no-parse)); ` For FreeBSD versions earlier than 9.1, `follow-freq(1)` is used. GNU/kFreeBSD | ` unix-dgram("/var/run/log"); ` ` file("/dev/klog" follow-freq(0) program-override("kernel")); ` HP-UX | ` pipe("/dev/log" pad-size(2048)); ` Linux | Note that on Linux, the `so-rcvbuf()` option of the `system()` source is automatically set to 8192. If the host is running under systemd, AxoSyslog reads both syslog and kernel messages directly from the systemd journal file using the `systemd-journal()` source. In this case, AxoSyslog doesn't read from `/dev/log` nor `/proc/kmsg`. If the kernel of the host is version 3.5 or newer, and `/dev/kmsg` is seekable, AxoSyslog will use that instead of `/proc/kmsg`, using the `multi-line-mode(indented)`, `keep-timestamp(no)`, and the `format(linux-kmsg)` options. If AxoSyslog is running in a jail or a Linux Container (LXC), it will not read from the `/dev/kmsg` or `/proc/kmsg` files. * With systemd: `systemd-journal();` * Without systemd, on kernel 3.5 or newer: `unix-dgram("/dev/log"); file("/dev/kmsg" program-override("kernel") flags(kernel) format("linux-kmsg") keep-timestamp(no));` * Without systemd, on kernels older than 3.5: `unix-dgram("/dev/log"); file("/proc/kmsg" program-override("kernel") flags(kernel) keep-timestamp(no));` macOS | ` file("/var/log/system.log" follow-freq(1)); ` Note Starting with version 3.7, the AxoSyslog`system()` driver automatically extracts the msgid from the message (if available), and stores it in the `.solaris.msgid` macro. To extract the msgid from the message without using the `system()`driver, use the `extract-solaris-msgid()` parser. You can find the exact source of this parser in the [AxoSyslog GitHub repository](). NetBSD | ` unix-dgram("/var/run/log"); ` Note Starting with version 3.7, the AxoSyslog`system()` driver automatically extracts the msgid from the message (if available), and stores it in the `.solaris.msgid` macro. To extract the msgid from the message without using the `system()`driver, use the `extract-solaris-msgid()` parser. You can find the exact source of this parser in the [AxoSyslog GitHub repository](). Solaris 8 | ` sun-streams("/dev/log"); ` Note Starting with version 3.7, the AxoSyslog`system()` driver automatically extracts the msgid from the message (if available), and stores it in the `.solaris.msgid` macro. To extract the msgid from the message without using the `system()`driver, use the `extract-solaris-msgid()` parser. You can find the exact source of this parser in the [AxoSyslog GitHub repository](). Solaris 9 | ` sun-streams("/dev/log" door("/etc/.syslog_door")); ` Note Starting with version 3.7, the AxoSyslog`system()` driver automatically extracts the msgid from the message (if available), and stores it in the `.solaris.msgid` macro. To extract the msgid from the message without using the `system()`driver, use the `extract-solaris-msgid()` parser. You can find the exact source of this parser in the [AxoSyslog GitHub repository](). Solaris 10 | ` sun-streams("/dev/log" door("/var/run/syslog_door")); ` Note Starting with version 3.7, the AxoSyslog`system()` driver automatically extracts the msgid from the message (if available), and stores it in the `.solaris.msgid` macro. To extract the msgid from the message without using the `system()`driver, use the `extract-solaris-msgid()` parser. You can find the exact source of this parser in the [AxoSyslog GitHub repository](). * * * [system() source options](../../docs/axosyslog-core/chapter-sources/source-system/reference-source-system/index.md) Last modified December 11, 2023: [Rename content/chapter-quickstart to content/quickstart (ba5e73ad)]()