From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id A8CD4138A87 for ; Mon, 23 Feb 2015 16:18:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7C9DDE0857; Mon, 23 Feb 2015 16:18:36 +0000 (UTC) Received: from mail-ig0-f174.google.com (mail-ig0-f174.google.com [209.85.213.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 69941E0848 for ; Mon, 23 Feb 2015 16:18:34 +0000 (UTC) Received: by mail-ig0-f174.google.com with SMTP id b16so19400410igk.1 for ; Mon, 23 Feb 2015 08:18:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=9YcO8LWwaea6BGlVXONYR/PX+YYIRlVEVQSZOsEJ+TY=; b=nk+uM0iXfFDV8i+kDHRXne6gD3zxRUeDx1eYu5OSBceLZbsoP+dPkgltKruIALLWSw PRN/knocEYyXBFEEmwygsDfVJA3ovB+gIr9jegpwJ5blPh12utjXElfbj0xcJKdnQO91 wed5TAFM2n2HP7TF/7Ty4WxMfXRPw1/Ej1N6FgVZq7xe27JLoJiXLUiRX1tlhNBjazRj hLwAnj+GRxW1KhvqN08sN2/XRniYa6laVRCS4U1AxDfgtQ0MqB8IrSwa12fCF/9c1P32 BOncCbprrxBySespagGvXSBapvdjIZbw8bifQlr6KNl8iBYRxyyWXo2602U4ZgRFqgte iy/g== X-Received: by 10.107.14.141 with SMTP id 135mr4676869ioo.15.1424708314234; Mon, 23 Feb 2015 08:18:34 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Received: by 10.107.149.149 with HTTP; Mon, 23 Feb 2015 08:18:14 -0800 (PST) In-Reply-To: <16447.1424680874@ccs.covici.com> References: <87lhjws8ci.fsf@heimdali.yagibdah.de> <28267.1424201355@ccs.covici.com> <87d257q7en.fsf@heimdali.yagibdah.de> <20150218223115.7fb56f66@digimed.co.uk> <87vbitldj5.fsf@heimdali.yagibdah.de> <20150223091529.656c0008@marcec.fritz.box> <16447.1424680874@ccs.covici.com> From: =?UTF-8?B?Q2FuZWsgUGVsw6FleiBWYWxkw6lz?= Date: Mon, 23 Feb 2015 10:18:14 -0600 Message-ID: Subject: Re: [gentoo-user] syslog-ng: how to read the log files To: gentoo-user@lists.gentoo.org Content-Type: multipart/alternative; boundary=001a113fefc2fa83d5050fc3c025 X-Archives-Salt: bf541290-b44b-469d-b7ac-59f0d3e9d07a X-Archives-Hash: 17b0ee6c8efbdafa7fbf5972ade3ec54 --001a113fefc2fa83d5050fc3c025 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Mon, Feb 23, 2015 at 3:41 AM, wrote: > > Marc Joliet wrote: > > > Am Mon, 23 Feb 2015 00:41:50 +0100 > > schrieb lee : > > > > > Neil Bothwick writes: > > > > > > > On Wed, 18 Feb 2015 21:49:54 +0100, lee wrote: > > > > > > > >> > I wonder if the OP is using systemd and trying to read the journal > > > >> > files? > > > >> > > > >> Nooo, I hate systemd ... > > > >> > > > >> What good are log files you can't read? > > > > > > > > You can't read syslog-ng log files without some reading software, usually > > > > a combination of cat, grep and less. systemd does it all with journalctl. > > > > > > > > There are good reasons to not use systemd, this isn't one of them. > > > > > > To me it is one of the good reasons, and an important one. Plain tex= t > > > can usually always be read without further ado, be it from rescue > > > systems you booted or with software available on different operating > > > systems. It can be also be processed with scripts and sent as email. > > > You can probably even read it on your cell phone. You can still read > > > log files that were created 20 years ago when they are plain text. > > > > > > Can you do all that with the binary files created by systemd? I can'= t > > > even read them on a working system. > > > > What Canek and Rich already said is good, but I'll just add this: it's not like > > you can't run a classic syslog implementation alongside the systemd journal. > > On my systems, by *default*, syslog-ng kept working as usual, getting the logs > > from the systemd journal. If you want to go further, you can even configure > > the journal to not store logs permanently, so that you *only* end up with > > plain-text logs on your system (Duncan on gentoo-amd64 went this way). > > > > So no, the format that the systemd journal uses is most decidedly *not* a reason > > against using systemd. > > > > Personally, I'm probably going to uninstall syslog-ng, because journalctl is > > *such* a nice way to read logs, so why run something whose output I'll never > > read again? I recommend reading > > http://0pointer.net/blog/projects/journalctl.html for examples of the kind of > > stuff you can do that would be cumbersome, if not *impossible* with regular > > syslog. > > Except that I get lots of messages about the system journal missing > messages when forwarding to syslog, so how can I make sure this does not > happening? Could you please show those messages? systemd sends *everything* to the journal, and then the journal (optionally) can send it too to a regular syslog. In that sense, it's impossible for the journal to miss any message. The only way in which the journal could miss messages is at very early boot stages; but with a proper initramfs (like the ones generated with dracut), even those get caught. You get to put an instance of systemd and the journal inside the initramfs, and so it's available almost from the beginning. And if you use gummiboot, then you can even log from the moment the UEFI firmware comes to life. Regards. -- Canek Pel=C3=A1ez Vald=C3=A9s Profesor de asignatura, Facultad de Ciencias Universidad Nacional Aut=C3=B3noma de M=C3=A9xico --001a113fefc2fa83d5050fc3c025 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On Mon, Feb 23, 2015 at 3:41 AM, <covici@ccs.covici.com> wrote:
>
> Ma= rc Joliet <marcec@gmx.de> wrote:=
>
> > Am Mon, 23 Feb 2015 00:41:50 +0100
> > schri= eb lee <lee@yagibdah.de>:
&= gt; >
> > > Neil Bothwick <neil@digimed.co.uk> writes:
> > >
> > &= gt; > On Wed, 18 Feb 2015 21:49:54 +0100, lee wrote:
> > > &= gt;
> > > >> > I wonder if the OP is using systemd and= trying to read the journal
> > > >> > files?
> = > > >>
> > > >> Nooo, I hate systemd ...
&= gt; > > >>
> > > >> What good are log files y= ou can't read?
> > > >
> > > > You can= 9;t read syslog-ng log files without some reading software, usually
>= > > > a combination of cat, grep and less. systemd does it all wi= th journalctl.
> > > >
> > > > There are good= reasons to not use systemd, this isn't one of them.
> > ><= br>> > > To me it is one of the good reasons, and an important one= .=C2=A0 Plain text
> > > can usually always be read without fur= ther ado, be it from rescue
> > > systems you booted or with so= ftware available on different operating
> > > systems.=C2=A0 It= can be also be processed with scripts and sent as email.
> > >= You can probably even read it on your cell phone.=C2=A0 You can still read=
> > > log files that were created 20 years ago when they are p= lain text.
> > >
> > > Can you do all that with the= binary files created by systemd?=C2=A0 I can't
> > > even = read them on a working system.
> >
> > What Canek and Ric= h already said is good, but I'll just add this: it's not like
&g= t; > you can't run a classic syslog implementation alongside the sys= temd journal.
> > On my systems, by *default*, syslog-ng kept work= ing as usual, getting the logs
> > from the systemd journal.=C2=A0= If you want to go further, you can even configure
> > the journal= to not store logs permanently, so that you *only* end up with
> >= plain-text logs on your system (Duncan on gentoo-amd64 went this way).
= > >
> > So no, the format that the systemd journal uses is m= ost decidedly *not* a reason
> > against using systemd.
> &g= t;
> > Personally, I'm probably going to uninstall syslog-ng, = because journalctl is
> > *such* a nice way to read logs, so why r= un something whose output I'll never
> > read again?=C2=A0 I r= ecommend reading
> > http://0pointer.net/blog/projects/journalctl.html for = examples of the kind of
> > stuff you can do that would be cumbers= ome, if not *impossible* with regular
> > syslog.
>
> = Except that I get lots of messages about the system journal missing
>= messages when forwarding to syslog, so how can I make sure this does not> happening?

Could you please show those messages? systemd send= s *everything* to the journal, and then the journal (optionally) can send i= t too to a regular syslog. In that sense, it's impossible for the journ= al to miss any message.

The only way in which the journa= l could miss messages is at very early boot stages; but with a proper initr= amfs (like the ones generated with dracut), even those get caught. You get = to put an instance of systemd and the journal inside the initramfs, and so = it's available almost from the beginning.

And = if you use gummiboot, then you can even log from the moment the UEFI firmwa= re comes to life.

Regards.
--
Canek Pel=C3=A1ez Vald=C3=A9sProfesor de asignatura, Facultad de Ciencias
Universidad Nacional Aut= =C3=B3noma de M=C3=A9xico
--001a113fefc2fa83d5050fc3c025--