From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 836E5138A87 for ; Mon, 23 Feb 2015 08:41:36 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CF7C9E08AC; Mon, 23 Feb 2015 08:41:23 +0000 (UTC) Received: from mail0131.smtp25.com (mail0131.smtp25.com [75.126.84.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id B0864E089D for ; Mon, 23 Feb 2015 08:41:17 +0000 (UTC) Received: from ccs.covici.com (localhost [127.0.0.1]) by ccs.covici.com (8.14.9/8.14.8) with ESMTP id t1N8fEaI016448 for ; Mon, 23 Feb 2015 03:41:14 -0500 From: covici@ccs.covici.com To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] syslog-ng: how to read the log files In-reply-to: <20150223091529.656c0008@marcec.fritz.box> References: <87lhjws8ci.fsf@heimdali.yagibdah.de> <28267.1424201355@ccs.covici.com> <87d257q7en.fsf@heimdali.yagibdah.de> <20150218223115.7fb56f66@digimed.co.uk> <87vbitldj5.fsf@heimdali.yagibdah.de> <20150223091529.656c0008@marcec.fritz.box> Comments: In-reply-to Marc Joliet message dated "Mon, 23 Feb 2015 09:15:29 +0100." X-Mailer: MH-E 8.5; nmh 1.6; GNU Emacs 23.4.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <16445.1424680874.1@ccs.covici.com> Content-Transfer-Encoding: quoted-printable Date: Mon, 23 Feb 2015 03:41:14 -0500 Message-ID: <16447.1424680874@ccs.covici.com> X-SpamH-OriginatingIP: 70.109.53.110 X-SpamH-Filter: d-out-001.smtp25.com-t1N8fFQd025674 X-Archives-Salt: 03bf237d-fab5-4b5a-8af8-16d2ece67abe X-Archives-Hash: e86c7fb239287b3bc4924130ed6a36e8 Marc Joliet wrote: > Am Mon, 23 Feb 2015 00:41:50 +0100 > schrieb lee : > = > > Neil Bothwick writes: > > = > > > On Wed, 18 Feb 2015 21:49:54 +0100, lee wrote: > > > > > >> > I wonder if the OP is using systemd and trying to read the journa= l > > >> > files? = > > >> = > > >> Nooo, I hate systemd ... > > >> = > > >> What good are log files you can't read? > > > > > > You can't read syslog-ng log files without some reading software, us= ually > > > a combination of cat, grep and less. systemd does it all with journa= lctl. > > > > > > There are good reasons to not use systemd, this isn't one of them. > > = > > To me it is one of the good reasons, and an important one. Plain text > > can usually always be read without further ado, be it from rescue > > systems you booted or with software available on different operating > > systems. It can be also be processed with scripts and sent as email. > > You can probably even read it on your cell phone. You can still read > > log files that were created 20 years ago when they are plain text. > > = > > Can you do all that with the binary files created by systemd? I can't > > even read them on a working system. > = > What Canek and Rich already said is good, but I'll just add this: it's n= ot like > you can't run a classic syslog implementation alongside the systemd jour= nal. > On my systems, by *default*, syslog-ng kept working as usual, getting th= e logs > from the systemd journal. If you want to go further, you can even confi= gure > the journal to not store logs permanently, so that you *only* end up wit= h > plain-text logs on your system (Duncan on gentoo-amd64 went this way). > = > So no, the format that the systemd journal uses is most decidedly *not* = a reason > against using systemd. > = > Personally, I'm probably going to uninstall syslog-ng, because journalct= l is > *such* a nice way to read logs, so why run something whose output I'll n= ever > read again? I recommend reading > http://0pointer.net/blog/projects/journalctl.html for examples of the ki= nd of > stuff you can do that would be cumbersome, if not *impossible* with regu= lar > syslog. Except that I get lots of messages about the system journal missing messages when forwarding to syslog, so how can I make sure this does not happening? -- = Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici covici@ccs.covici.com