From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (unknown [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 059F91381FA for ; Thu, 22 May 2014 12:37:34 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9D478E0AAD; Thu, 22 May 2014 12:37:29 +0000 (UTC) Received: from smtpq1.tb.mail.iss.as9143.net (smtpq1.tb.mail.iss.as9143.net [212.54.42.164]) by pigeon.gentoo.org (Postfix) with ESMTP id 71B16E0A9D for ; Thu, 22 May 2014 12:37:28 +0000 (UTC) Received: from [212.54.42.137] (helo=smtp6.tb.mail.iss.as9143.net) by smtpq1.tb.mail.iss.as9143.net with esmtp (Exim 4.71) (envelope-from ) id 1WnSFU-0008C1-08 for gentoo-user@lists.gentoo.org; Thu, 22 May 2014 14:37:28 +0200 Received: from 53579160.cm-6-8c.dynamic.ziggo.nl ([83.87.145.96] helo=data.antarean.org) by smtp6.tb.mail.iss.as9143.net with esmtp (Exim 4.71) (envelope-from ) id 1WnSFT-0001Il-Kg for gentoo-user@lists.gentoo.org; Thu, 22 May 2014 14:37:27 +0200 Received: from andromeda.localnet (unknown [213.19.196.11]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by data.antarean.org (Postfix) with ESMTPSA id 0A2004C for ; Thu, 22 May 2014 14:37:05 +0200 (CEST) From: "J. Roeleveld" To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] systemd seems to have broken logwatch Date: Thu, 22 May 2014 14:36:58 +0200 Message-ID: <1897440.S6VRpdnYQY@andromeda> User-Agent: KMail/4.12.5 (Linux/3.12.13-gentoo; KDE/4.12.5; x86_64; ; ) In-Reply-To: <22299.1400761872@ccs.covici.com> References: <18055.1400748885@ccs.covici.com> <1722791.hTNXh1QDGT@andromeda> <22299.1400761872@ccs.covici.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Ziggo-spambar: ---- X-Ziggo-spamscore: -4.9 X-Ziggo-spamreport: ALL_TRUSTED=-1,BAYES_00=-1.9,PROLO_TRUST_RDNS=-3,RDNS_DYNAMIC=0.982 X-Ziggo-Spam-Status: No X-Spam-Status: No X-Spam-Flag: No X-Archives-Salt: d60f8498-584d-4725-a884-9717e7dbf8ae X-Archives-Hash: ba3f2b0153f084a2c2f5f51ce30da33f On Thursday, May 22, 2014 08:31:12 AM covici@ccs.covici.com wrote: > J. Roeleveld wrote: > > On Thursday, May 22, 2014 04:54:45 AM covici@ccs.covici.com wrote: > > > Hi. I am having a strange problem running under systemd since Monday. > > > I use logwatch to get nice summaries of things going on in the system, > > > it gives me once a day summaries of such things. When running under > > > openrc, I used to get a summary of sshd activity, so I could see the > > > failed logins and the users that actually logged in via ssh. I was > > > using the sysklogd package and am still using it, although I had to > > > listen on a different socket. But now the sshd entries are totally gone > > > and I wonder how to get them back? For instance, I am no longer > > > getting the accepted public key messages anywhere. > > > > > > Thanks in advance for any suggestions. > > > > Did you configure logwatch to read from systemd (not sure if this is > > possible) or systemd to write the logs to sysklogd? > > > > Systemd uses it's own binary format for the logging by default. > > I have sysklogd and friends listen on the journal socket rather on the > original socket which systemd has taken over. Strange but someone told > me that they were getting those messages with syslogng (name may be not > correct), but it still does not make sense to me. syslogng != sysklogd. Both are different packages. It could be that sysklogd does not work well with systemd. -- Joost