From: "Canek Peláez Valdés" <caneko@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] syslog-ng: how to read the log files
Date: Mon, 23 Feb 2015 12:10:18 -0600
Message-ID: <CADPrc82PvpXuLA62dna6+GvAcoD7WO8Nj_OQ+4MfdK5nXkHJ6w@mail.gmail.com>
In-Reply-To: <4133.1424713749@ccs.covici.com>
On Mon, Feb 23, 2015 at 11:49 AM, <covici@ccs.covici.com> wrote:
>
> Canek Peláez Valdés <caneko@gmail.com> wrote:
>
> > On Mon, Feb 23, 2015 at 3:41 AM, <covici@ccs.covici.com> wrote:
> > >
> > > Marc Joliet <marcec@gmx.de> wrote:
> > >
> > > > On Mon, 23 Feb 2015 00:41:50 +0100,
> > > > lee <lee@yagibdah.de> wrote:
> > > >
> > > > > Neil Bothwick <neil@digimed.co.uk> writes:
> > > > >
> > > > > > On Wed, 18 Feb 2015 21:49:54 +0100, lee wrote:
> > > > > >
> > > > > > >> > I wonder if the OP is using systemd and trying to read the journal
> > > > > > >> > files?
> > > > > >>
> > > > > >> Nooo, I hate systemd ...
> > > > > >>
> > > > > >> What good are log files you can't read?
> > > > > >
> > > > > > > You can't read syslog-ng log files without some reading software, usually
> > > > > > > a combination of cat, grep and less. systemd does it all with journalctl.
> > > > > > >
> > > > > > > There are good reasons to not use systemd, this isn't one of them.
> > > > >
> > > > > > To me it is one of the good reasons, and an important one. Plain text
> > > > > > can usually always be read without further ado, be it from rescue
> > > > > > systems you booted or with software available on different operating
> > > > > > systems. It can also be processed with scripts and sent as email.
> > > > > > You can probably even read it on your cell phone. You can still read
> > > > > > log files that were created 20 years ago when they are plain text.
> > > > > >
> > > > > > Can you do all that with the binary files created by systemd? I can't
> > > > > > even read them on a working system.
> > > >
> > > > > What Canek and Rich already said is good, but I'll just add this: it's not like
> > > > > you can't run a classic syslog implementation alongside the systemd journal.
> > > > > On my systems, by *default*, syslog-ng kept working as usual, getting the logs
> > > > > from the systemd journal. If you want to go further, you can even configure
> > > > > the journal to not store logs permanently, so that you *only* end up with
> > > > > plain-text logs on your system (Duncan on gentoo-amd64 went this way).
> > > > >
> > > > > So no, the format that the systemd journal uses is most decidedly *not* a reason
> > > > > against using systemd.
> > > > >
> > > > > Personally, I'm probably going to uninstall syslog-ng, because journalctl is
> > > > > *such* a nice way to read logs, so why run something whose output I'll never
> > > > > read again? I recommend reading
> > > > > http://0pointer.net/blog/projects/journalctl.html for examples of the kind of
> > > > > stuff you can do that would be cumbersome, if not *impossible* with regular
> > > > > syslog.
> > >
> > > Except that I get lots of messages about the system journal missing
> > > messages when forwarding to syslog, so how can I make sure this does not
> > > happen?
> >
> > Could you please show those messages? systemd sends *everything* to the
> > journal, and then the journal (optionally) can send it too to a regular
> > syslog. In that sense, it's impossible for the journal to miss any message.
> >
> > The only way in which the journal could miss messages is at very early boot
> > stages; but with a proper initramfs (like the ones generated with dracut),
> > even those get caught. You get to put an instance of systemd and the
> > journal inside the initramfs, and so it's available almost from the
> > beginning.
> >
> > And if you use gummiboot, then you can even log from the moment the UEFI
> > firmware comes to life.
>
> So, I get lots of messages in my regular syslog-ng /var/log/messages
> like the following:
> Feb 23 12:47:52 ccs.covici.com systemd-journal[715]: Forwarding to syslog missed 15 messages.
>
> So, I saw a post on Google to up the queue length, and I upped it to 200,
> but no joy, still get the messages like the one above.

Are you using the unit file provided by syslog-ng (systemd-delta doesn't
mention syslog)? Also, is /etc/systemd/system/syslog.service a link
to /usr/lib/systemd/system/syslog-ng.service?

I do, and I don't get any of those messages. I use the default journal
configuration. According to [1], this should be fixed.

Regards.

[1] https://github.com/balabit/syslog-ng/issues/314
--
Canek Peláez Valdés
Profesor de asignatura, Facultad de Ciencias
Universidad Nacional Autónoma de México
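
Added example, not part of the original message and not code from syslog-ng or systemd: a small shell check that totals the records lost according to "Forwarding to syslog missed N messages" lines and verifies that syslog.service is a symlink to the syslog-ng unit, the two points raised above. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the format quoted in the thread (not real logs).
sample_log() {
cat <<'EOF'
Feb 23 12:47:52 host.example systemd-journal[715]: Forwarding to syslog missed 15 messages.
Feb 23 12:48:10 host.example sshd[2041]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Feb 23 12:51:03 host.example systemd-journal[715]: Forwarding to syslog missed 3 messages.
Feb 23 13:02:44 host.example systemd-journal[715]: Forwarding to syslog missed 1 messages.
EOF
}

# Read syslog lines on stdin and print "<events> <total>": how many times the
# journal reported a forwarding gap, and how many records were lost in total.
# Every lost record is a hole in the plain-text log that the journal still has.
missed_summary() {
    awk '/systemd-journal\[[0-9]+\]: Forwarding to syslog missed [0-9]+ messages/ {
             for (i = 1; i <= NF; i++)
                 if ($i == "missed") { total += $(i + 1); events++ }
         }
         END { printf "%d %d\n", events, total }'
}

# Succeed only if <root>/etc/systemd/system/syslog.service is a symlink whose
# target is syslog-ng.service. <root> defaults to "/" (hypothetical parameter,
# added so the check can be run against a mounted image or a test tree).
syslog_alias_ok() {
    root=${1:-/}
    link="${root%/}/etc/systemd/system/syslog.service"
    [ -L "$link" ] || return 1
    case "$(readlink "$link")" in
        */syslog-ng.service|syslog-ng.service) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on the constructed sample, then on the running system.
echo "gaps/lost records in sample: $(sample_log | missed_summary)"
if syslog_alias_ok /; then
    echo "syslog.service -> syslog-ng.service"
else
    echo "syslog.service is not linked to syslog-ng.service"
fi
```

On a real host, feed the function with `missed_summary < /var/log/messages`; a non-zero total means the text log is incomplete for that period and the journal is the authoritative record.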