Revert system module support for journald

Revert the system module usage of the system-logs input that was
enabling it to run the Journald input. The revert is done in the
system module configuration, pipelines and documentation. The
system-logs input and its tests are kept.

filebeat/docs/modules/system.asciidoc

@@ -23,7 +23,7 @@ include::../include/gs-link.asciidoc[]
 === Compatibility
 
 This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, and
-macOS Sierra. For Debian 12 Journald is used to read the system logs.
+macOS Sierra.
 
 This module is not available for Windows.
 
@@ -65,15 +65,11 @@ include::../include/config-option-intro.asciidoc[]
 
 include::../include/var-paths.asciidoc[]
 
-include::../include/use-journald.asciidoc[]
-
 [float]
 ==== `auth` fileset settings
 
 include::../include/var-paths.asciidoc[]
 
-include::../include/use-journald.asciidoc[]
-
 *`var.tags`*::
 
 A list of tags to include in events. Including `forwarded` indicates that the

filebeat/filebeat.reference.yml

@@ -21,18 +21,7 @@ filebeat.modules:
     # Filebeat will choose the paths depending on your OS.
     #var.paths:
 
-    # Force using journald to collect system logs
-    #var.use_journald: true|false
-
-    # Force using log files to collect system logs
-    #var.use_files: true|false
-
-    # If use_journald and use_files are false, then
-    # Filebeat will autodetect whether use to journald
-    # to collect system logs.
-
-    # Input configuration (advanced).
-    # Any input configuration option
+    # Input configuration (advanced). Any input configuration option
     # can be added under this section.
     #input:
 
@@ -44,23 +33,6 @@ filebeat.modules:
     # Filebeat will choose the paths depending on your OS.
     #var.paths:
 
-    # Force using journald to collect system logs
-    #var.use_journald: true|false
-
-    # Force using log files to collect system logs
-    #var.use_files: true|false
-
-    # If use_journald and use_files are false, then
-    # Filebeat will autodetect whether use to journald
-    # to collect system logs.
-
-    # A list of tags to include in events. Including 'forwarded'
-    # indicates that the events did not originate on this host and
-    # causes host.name to not be added to events. Include
-    # 'preserve_orginal_event' causes the pipeline to retain the raw log
-    # in event.original. Defaults to [].
-    #var.tags: []
-
     # Input configuration (advanced). Any input configuration option
     # can be added under this section.
     #input:

filebeat/input/systemlogs/input.go

@@ -93,7 +93,7 @@ func PluginV2(logger *logp.Logger, store cursor.StateStore) v2.Plugin {
 
 	return v2.Plugin{
 		Name:       pluginName,
-		Stability:  feature.Stable,
+		Stability:  feature.Experimental,
 		Deprecated: false,
 		Info:       "system-logs input",
 		Doc:        "The system-logs input collects system logs on Linux by reading them from journald or traditional log files",

filebeat/module/system/_meta/config.reference.yml

@@ -7,18 +7,7 @@
     # Filebeat will choose the paths depending on your OS.
     #var.paths:
 
-    # Force using journald to collect system logs
-    #var.use_journald: true|false
-
-    # Force using log files to collect system logs
-    #var.use_files: true|false
-
-    # If use_journald and use_files are false, then
-    # Filebeat will autodetect whether use to journald
-    # to collect system logs.
-
-    # Input configuration (advanced).
-    # Any input configuration option
+    # Input configuration (advanced). Any input configuration option
     # can be added under this section.
     #input:
 
@@ -30,23 +19,6 @@
     # Filebeat will choose the paths depending on your OS.
     #var.paths:
 
-    # Force using journald to collect system logs
-    #var.use_journald: true|false
-
-    # Force using log files to collect system logs
-    #var.use_files: true|false
-
-    # If use_journald and use_files are false, then
-    # Filebeat will autodetect whether use to journald
-    # to collect system logs.
-
-    # A list of tags to include in events. Including 'forwarded'
-    # indicates that the events did not originate on this host and
-    # causes host.name to not be added to events. Include
-    # 'preserve_orginal_event' causes the pipeline to retain the raw log
-    # in event.original. Defaults to [].
-    #var.tags: []
-
     # Input configuration (advanced). Any input configuration option
     # can be added under this section.
     #input:

filebeat/module/system/_meta/config.yml

@@ -7,37 +7,10 @@
     # Filebeat will choose the paths depending on your OS.
     #var.paths:
 
-    # Force using journald to collect system logs
-    #var.use_journald: true|false
-
-    # Force using log files to collect system logs
-    #var.use_files: true|false
-
-    # If use_journald and use_files are false, then
-    # Filebeat will autodetect whether use to journald
-    # to collect system logs.
-
   # Authorization logs
   auth:
     enabled: false
 
     # Set custom paths for the log files. If left empty,
     # Filebeat will choose the paths depending on your OS.
     #var.paths:
-
-    # Force using journald to collect system logs
-    #var.use_journald: true|false
-
-    # Force using log files to collect system logs
-    #var.use_files: true|false
-
-    # If use_journald and use_files are false, then
-    # Filebeat will autodetect whether use to journald
-    # to collect system logs.
-
-    # A list of tags to include in events. Including forwarded
-    # indicates that the events did not originate on this host and
-    # causes host.name to not be added to events. Include
-    # preserve_orginal_event causes the pipeline to retain the raw log
-    # in event.original. Defaults to [].
-    #var.tags: []

filebeat/module/system/_meta/docs.asciidoc

@@ -16,7 +16,7 @@ include::../include/gs-link.asciidoc[]
 === Compatibility
 
 This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, and
-macOS Sierra. For Debian 12 Journald is used to read the system logs.
+macOS Sierra.
 
 This module is not available for Windows.
 
@@ -58,15 +58,11 @@ include::../include/config-option-intro.asciidoc[]
 
 include::../include/var-paths.asciidoc[]
 
-include::../include/use-journald.asciidoc[]
-
 [float]
 ==== `auth` fileset settings
 
 include::../include/var-paths.asciidoc[]
 
-include::../include/use-journald.asciidoc[]
-
 *`var.tags`*::
 
 A list of tags to include in events. Including `forwarded` indicates that the

filebeat/module/system/auth/config/auth.yml

@@ -1,33 +1,17 @@
-type: system-logs
-{{ if .use_journald }}
-use_journald: true
+type: log
+paths:
+{{ range $i, $path := .paths }}
+ - {{$path}}
 {{ end }}
+exclude_files: [".gz$"]
 
-{{ if .use_files }}
-use_files: true
-{{ end }}
+multiline:
+  pattern: "^\\s"
+  match: after
 
-tags: {{ .tags | tojson }}
 processors:
   - add_locale: ~
 
-publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}
-
-journald:
-  id: system-auth
-  facilities:
-    - 4
-    - 10
-
-files:
-  id: system-auth
-  paths:
-  {{ range $i, $path := .paths }}
-    - {{$path}}
-  {{ end }}
-  exclude_files: [".gz$"]
-
-  multiline:
-    pattern: "^\\s"
-    match: after
+tags: {{ .tags | tojson }}
 
+publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}