Re: [gentoo-user] I don't seem to have a system log. Help, please!

public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed

From: covici@ccs.covici.com
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] I don't seem to have a system log. Help, please!
Date: Mon, 09 Feb 2015 09:26:51 -0500	[thread overview]
Message-ID: <30642.1423492011@ccs.covici.com> (raw)
In-Reply-To: <CAGfcS_nt+TSxotgq=PsXnDPhjuUfmO37TaJMisx9afnNMBLgyQ@mail.gmail.com>

Rich Freeman <rich0@gentoo.org> wrote:

> On Mon, Feb 9, 2015 at 6:52 AM, Alec Ten Harmsel
> <alec@alectenharmsel.com> wrote:
> >
> > On 02/09/2015 06:49 AM, Mick wrote:
> >> On Monday 09 Feb 2015 11:23:15 Rich Freeman wrote:
> >>> You don't have to export them from anything unless you need their
> >>> content in a text file.  If you just run "journalctl" that is the
> >>> equivalent of typing cat /var/log/messages.  If you do want to parse
> >>> them with an external tool then you get your choice of several text
> >>> formats and json.
> >> The thing is I never use cat.  I invariably use less, rview, or grep, to
> >> browse or search the log files.
> >>
> >> How will this work with journalctl, will I have to export them first into a
> >> different format?
> >>
> >
> > You can run `journalctl | grep whatever`. I don't know what rview is,
> > but as long as whatever you're using supports pipes you should be fine.
> >
> 
> Keep in mind that if you're grepping logs, there is probably a better
> way to accomplish what you want to do with journalctl's options.
> Finding all output from a particular daemon is going to be more
> reliable if you filter by unit, versus getting verbose log output from
> your mail server that has "mysql" somewhere in it or whatever.  That
> is the main reason for using a binary log format.
> 
> But, yes, you can just pipe the output into the tool of your choice.
> If you keep a lot of logs like I do it might be wiser to prefilter it
> a bit, such as by adding -b to the options to limit it to entries
> since the last reboot.
> 
> I also tend to keep a journalctl -f running in a screen session, which
> is the equivalent of a tail -f.
> 
> If you're using an automated tool you can also use cursors to bookmark
> the last entry you read and then ask journalctl for entries since that
> one.  Of course, an automated tool would probably just read the logs
> via dbus or whatever (I haven't taken the time to look into the APIs).

I wonder if the original poster is using systemd?  Also, I find
journalctl very clumsy to find things about a specific program, such as
mail logs or whatever -- unless I am missing something.  I use
syslog-ng, although I get a lot of messages which say forwarding to
syslog missed n messages from system journal, so maybe its a problem,
but how would you use logwatch without something like syslog-ng?
-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

         John Covici
         covici@ccs.covici.com

next prev parent reply	other threads:[~2015-02-09 14:27 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-02-09  9:48 [gentoo-user] I don't seem to have a system log. Help, please! Alan Mackenzie
2015-02-09 10:06 ` Matthias Hanft
2015-02-09 10:12   ` Neil Bothwick
2015-02-09 11:23   ` Rich Freeman
2015-02-09 11:49     ` Mick
2015-02-09 11:52       ` Alec Ten Harmsel
2015-02-09 13:02         ` Rich Freeman
2015-02-09 13:43           ` Alec Ten Harmsel
2015-02-09 14:26           ` covici [this message]
2015-02-09 15:02             ` Rich Freeman
2015-02-09 15:09               ` covici
2015-02-09 15:10               ` [gentoo-user] alexandra vargas
2015-02-09 11:23   ` [gentoo-user] I don't seem to have a system log. Help, please! Alan Mackenzie
2015-02-09 11:46     ` Neil Bothwick
2015-02-09 10:19 ` Alan McKinnon
2015-02-09 11:26   ` Alan Mackenzie
2015-02-09 13:21     ` Matthias Hanft
2015-02-09 11:29   ` Mick
2015-02-09 11:48     ` Neil Bothwick
2015-02-09 11:13 ` Adam Carter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=30642.1423492011@ccs.covici.com \
    --to=covici@ccs.covici.com \
    --cc=gentoo-user@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox