[gentoo-user] systemd seems to have broken logwatch

[gentoo-user] systemd seems to have broken logwatch

[covici]

Hi.  I am having a strange problem running under systemd since Monday.
I use logwatch to get nice summaries of things going on in the system,
it gives me once a day summaries of such things.  When running under
openrc, I used to get a summary of sshd activity, so I could see the
failed logins and the users that actually logged in via ssh.  I was
using the sysklogd package and am still using it, although I had to
listen on a different socket.  But now the sshd entries are totally gone
and I wonder how to get them back?    For instance, I am no longer
getting the accepted public key messages anywhere.

Thanks in advance for any suggestions.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

         John Covici
         covici@ccs.covici.com

Re: [gentoo-user] systemd seems to have broken logwatch

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 875 bytes --]

On Thu, 22 May 2014 04:54:45 -0400, covici@ccs.covici.com wrote:

> Hi.  I am having a strange problem running under systemd since Monday.
> I use logwatch to get nice summaries of things going on in the system,
> it gives me once a day summaries of such things.  When running under
> openrc, I used to get a summary of sshd activity, so I could see the
> failed logins and the users that actually logged in via ssh.  I was
> using the sysklogd package and am still using it, although I had to
> listen on a different socket.  But now the sshd entries are totally gone
> and I wonder how to get them back?    For instance, I am no longer
> getting the accepted public key messages anywhere.

I use syslog-ng with systemd and logcheck still show reports for sshd, so
this may be specific to sysklogd.


-- 
Neil Bothwick

Electricians DO IT until it Hz...

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] systemd seems to have broken logwatch

[J. Roeleveld]

On Thursday, May 22, 2014 04:54:45 AM covici@ccs.covici.com wrote:
> Hi.  I am having a strange problem running under systemd since Monday.
> I use logwatch to get nice summaries of things going on in the system,
> it gives me once a day summaries of such things.  When running under
> openrc, I used to get a summary of sshd activity, so I could see the
> failed logins and the users that actually logged in via ssh.  I was
> using the sysklogd package and am still using it, although I had to
> listen on a different socket.  But now the sshd entries are totally gone
> and I wonder how to get them back?    For instance, I am no longer
> getting the accepted public key messages anywhere.
> 
> Thanks in advance for any suggestions.

Did you configure logwatch to read from systemd (not sure if this is possible) 
or systemd to write the logs to sysklogd?

Systemd uses it's own binary format for the logging by default.

--
Joost

Re: [gentoo-user] systemd seems to have broken logwatch

[covici]

J. Roeleveld <joost@antarean.org> wrote:

> On Thursday, May 22, 2014 04:54:45 AM covici@ccs.covici.com wrote:
> > Hi.  I am having a strange problem running under systemd since Monday.
> > I use logwatch to get nice summaries of things going on in the system,
> > it gives me once a day summaries of such things.  When running under
> > openrc, I used to get a summary of sshd activity, so I could see the
> > failed logins and the users that actually logged in via ssh.  I was
> > using the sysklogd package and am still using it, although I had to
> > listen on a different socket.  But now the sshd entries are totally gone
> > and I wonder how to get them back?    For instance, I am no longer
> > getting the accepted public key messages anywhere.
> > 
> > Thanks in advance for any suggestions.
> 
> Did you configure logwatch to read from systemd (not sure if this is possible) 
> or systemd to write the logs to sysklogd?
> 
> Systemd uses it's own binary format for the logging by default.
I have sysklogd and friends listen on the journal socket rather on the
original socket which systemd has taken over.  Strange but someone told
me that they were getting those messages with syslogng (name may be not
correct), but it still does not make sense to me.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

         John Covici
         covici@ccs.covici.com

Re: [gentoo-user] systemd seems to have broken logwatch

[J. Roeleveld]

On Thursday, May 22, 2014 08:31:12 AM covici@ccs.covici.com wrote:
> J. Roeleveld <joost@antarean.org> wrote:
> > On Thursday, May 22, 2014 04:54:45 AM covici@ccs.covici.com wrote:
> > > Hi.  I am having a strange problem running under systemd since Monday.
> > > I use logwatch to get nice summaries of things going on in the system,
> > > it gives me once a day summaries of such things.  When running under
> > > openrc, I used to get a summary of sshd activity, so I could see the
> > > failed logins and the users that actually logged in via ssh.  I was
> > > using the sysklogd package and am still using it, although I had to
> > > listen on a different socket.  But now the sshd entries are totally gone
> > > and I wonder how to get them back?    For instance, I am no longer
> > > getting the accepted public key messages anywhere.
> > > 
> > > Thanks in advance for any suggestions.
> > 
> > Did you configure logwatch to read from systemd (not sure if this is
> > possible) or systemd to write the logs to sysklogd?
> > 
> > Systemd uses it's own binary format for the logging by default.
> 
> I have sysklogd and friends listen on the journal socket rather on the
> original socket which systemd has taken over.  Strange but someone told
> me that they were getting those messages with syslogng (name may be not
> correct), but it still does not make sense to me.

syslogng != sysklogd.
Both are different packages. It could be that sysklogd does not work well with 
systemd.

--
Joost