From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 8FB7E138A1A for ; Mon, 9 Feb 2015 14:27:00 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1307FE09B1; Mon, 9 Feb 2015 14:26:55 +0000 (UTC) Received: from mail0131.smtp25.com (mail0131.smtp25.com [75.126.84.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 01B55E0968 for ; Mon, 9 Feb 2015 14:26:53 +0000 (UTC) Received: from ccs.covici.com (d-out-001.smtp25.com [67.228.158.174] (may be forged)) by d-out-001.smtp25.com (8.14.9/8.14.9) with ESMTP id t19EQqgm008812 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Mon, 9 Feb 2015 09:26:52 -0500 Received: from ccs.covici.com (localhost [127.0.0.1]) by ccs.covici.com (8.14.9/8.14.8) with ESMTP id t19EQp4G030643 for ; Mon, 9 Feb 2015 09:26:51 -0500 From: covici@ccs.covici.com To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] I don't seem to have a system log. Help, please! In-reply-to: References: <20150209094818.GA3218@acm.fritz.box> <54D886B2.3060302@hanft.de> <201502091150.01015.michaelkintzios@gmail.com> <54D89F96.3000503@alectenharmsel.com> Comments: In-reply-to Rich Freeman message dated "Mon, 09 Feb 2015 08:02:48 -0500." X-Mailer: MH-E 8.5; nmh 1.6; GNU Emacs 23.4.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <30641.1423492011.1@ccs.covici.com> Content-Transfer-Encoding: quoted-printable Date: Mon, 09 Feb 2015 09:26:51 -0500 Message-ID: <30642.1423492011@ccs.covici.com> X-SpamH-OriginatingIP: 70.109.53.110 X-SpamH-Filter: d-out-001.smtp25.com-t19EQqgm008812 X-Archives-Salt: aaf3764e-9c76-4f74-9e88-65b07edef224 X-Archives-Hash: f78b86e1d8b2ca9a07468675ed4ca3b3 Rich Freeman wrote: > On Mon, Feb 9, 2015 at 6:52 AM, Alec Ten Harmsel > wrote: > > > > On 02/09/2015 06:49 AM, Mick wrote: > >> On Monday 09 Feb 2015 11:23:15 Rich Freeman wrote: > >>> You don't have to export them from anything unless you need their > >>> content in a text file. If you just run "journalctl" that is the > >>> equivalent of typing cat /var/log/messages. If you do want to parse > >>> them with an external tool then you get your choice of several text > >>> formats and json. > >> The thing is I never use cat. I invariably use less, rview, or grep,= to > >> browse or search the log files. > >> > >> How will this work with journalctl, will I have to export them first = into a > >> different format? > >> > > > > You can run `journalctl | grep whatever`. I don't know what rview is, > > but as long as whatever you're using supports pipes you should be fine= . > > > = > Keep in mind that if you're grepping logs, there is probably a better > way to accomplish what you want to do with journalctl's options. > Finding all output from a particular daemon is going to be more > reliable if you filter by unit, versus getting verbose log output from > your mail server that has "mysql" somewhere in it or whatever. That > is the main reason for using a binary log format. > = > But, yes, you can just pipe the output into the tool of your choice. > If you keep a lot of logs like I do it might be wiser to prefilter it > a bit, such as by adding -b to the options to limit it to entries > since the last reboot. > = > I also tend to keep a journalctl -f running in a screen session, which > is the equivalent of a tail -f. > = > If you're using an automated tool you can also use cursors to bookmark > the last entry you read and then ask journalctl for entries since that > one. Of course, an automated tool would probably just read the logs > via dbus or whatever (I haven't taken the time to look into the APIs). I wonder if the original poster is using systemd? Also, I find journalctl very clumsy to find things about a specific program, such as mail logs or whatever -- unless I am missing something. I use syslog-ng, although I get a lot of messages which say forwarding to syslog missed n messages from system journal, so maybe its a problem, but how would you use logwatch without something like syslog-ng? -- = Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici covici@ccs.covici.com