From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-161975-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 8FB7E138A1A
	for <garchives@archives.gentoo.org>; Mon,  9 Feb 2015 14:27:00 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 1307FE09B1;
	Mon,  9 Feb 2015 14:26:55 +0000 (UTC)
Received: from mail0131.smtp25.com (mail0131.smtp25.com [75.126.84.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 01B55E0968
	for <gentoo-user@lists.gentoo.org>; Mon,  9 Feb 2015 14:26:53 +0000 (UTC)
Received: from ccs.covici.com (d-out-001.smtp25.com [67.228.158.174] (may be forged))
	by d-out-001.smtp25.com (8.14.9/8.14.9) with ESMTP id t19EQqgm008812
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL)
	for <gentoo-user@lists.gentoo.org>; Mon, 9 Feb 2015 09:26:52 -0500
Received: from ccs.covici.com (localhost [127.0.0.1])
	by ccs.covici.com (8.14.9/8.14.8) with ESMTP id t19EQp4G030643
	for <gentoo-user@lists.gentoo.org>; Mon, 9 Feb 2015 09:26:51 -0500
From: covici@ccs.covici.com
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] I don't seem to have a system log. Help, please!
In-reply-to: <CAGfcS_nt+TSxotgq=PsXnDPhjuUfmO37TaJMisx9afnNMBLgyQ@mail.gmail.com>
References: <20150209094818.GA3218@acm.fritz.box> <54D886B2.3060302@hanft.de> <CAGfcS_knDidbgS6dLbRYU6pBFWEA6MU+DnfwTJCz-beNjrZE1w@mail.gmail.com> <201502091150.01015.michaelkintzios@gmail.com> <54D89F96.3000503@alectenharmsel.com> <CAGfcS_nt+TSxotgq=PsXnDPhjuUfmO37TaJMisx9afnNMBLgyQ@mail.gmail.com>
Comments: In-reply-to Rich Freeman <rich0@gentoo.org>
   message dated "Mon, 09 Feb 2015 08:02:48 -0500."
X-Mailer: MH-E 8.5; nmh 1.6; GNU Emacs 23.4.1
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <30641.1423492011.1@ccs.covici.com>
Content-Transfer-Encoding: quoted-printable
Date: Mon, 09 Feb 2015 09:26:51 -0500
Message-ID: <30642.1423492011@ccs.covici.com>
X-SpamH-OriginatingIP: 70.109.53.110
X-SpamH-Filter: d-out-001.smtp25.com-t19EQqgm008812
X-Archives-Salt: aaf3764e-9c76-4f74-9e88-65b07edef224
X-Archives-Hash: f78b86e1d8b2ca9a07468675ed4ca3b3

Rich Freeman <rich0@gentoo.org> wrote:

> On Mon, Feb 9, 2015 at 6:52 AM, Alec Ten Harmsel
> <alec@alectenharmsel.com> wrote:
> >
> > On 02/09/2015 06:49 AM, Mick wrote:
> >> On Monday 09 Feb 2015 11:23:15 Rich Freeman wrote:
> >>> You don't have to export them from anything unless you need their
> >>> content in a text file.  If you just run "journalctl" that is the
> >>> equivalent of typing cat /var/log/messages.  If you do want to parse
> >>> them with an external tool then you get your choice of several text
> >>> formats and json.
> >> The thing is I never use cat.  I invariably use less, rview, or grep,=
 to
> >> browse or search the log files.
> >>
> >> How will this work with journalctl, will I have to export them first =
into a
> >> different format?
> >>
> >
> > You can run `journalctl | grep whatever`. I don't know what rview is,
> > but as long as whatever you're using supports pipes you should be fine=
.
> >
> =

> Keep in mind that if you're grepping logs, there is probably a better
> way to accomplish what you want to do with journalctl's options.
> Finding all output from a particular daemon is going to be more
> reliable if you filter by unit, versus getting verbose log output from
> your mail server that has "mysql" somewhere in it or whatever.  That
> is the main reason for using a binary log format.
> =

> But, yes, you can just pipe the output into the tool of your choice.
> If you keep a lot of logs like I do it might be wiser to prefilter it
> a bit, such as by adding -b to the options to limit it to entries
> since the last reboot.
> =

> I also tend to keep a journalctl -f running in a screen session, which
> is the equivalent of a tail -f.
> =

> If you're using an automated tool you can also use cursors to bookmark
> the last entry you read and then ask journalctl for entries since that
> one.  Of course, an automated tool would probably just read the logs
> via dbus or whatever (I haven't taken the time to look into the APIs).

I wonder if the original poster is using systemd?  Also, I find
journalctl very clumsy to find things about a specific program, such as
mail logs or whatever -- unless I am missing something.  I use
syslog-ng, although I get a lot of messages which say forwarding to
syslog missed n messages from system journal, so maybe its a problem,
but how would you use logwatch without something like syslog-ng?
-- =

Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

         John Covici
         covici@ccs.covici.com