On Mon, Feb 23, 2015 at 11:49 AM, wrote: > > Canek Peláez Valdés wrote: > > > On Mon, Feb 23, 2015 at 3:41 AM, wrote: > > > > > > Marc Joliet wrote: > > > > > > > Am Mon, 23 Feb 2015 00:41:50 +0100 > > > > schrieb lee : > > > > > > > > > Neil Bothwick writes: > > > > > > > > > > > On Wed, 18 Feb 2015 21:49:54 +0100, lee wrote: > > > > > > > > > > > >> > I wonder if the OP is using systemd and trying to read the > > journal > > > > > >> > files? > > > > > >> > > > > > >> Nooo, I hate systemd ... > > > > > >> > > > > > >> What good are log files you can't read? > > > > > > > > > > > > You can't read syslog-ng log files without some reading software, > > usually > > > > > > a combination of cat, grep and less. systemd does it all with > > journalctl. > > > > > > > > > > > > There are good reasons to not use systemd, this isn't one of them. > > > > > > > > > > To me it is one of the good reasons, and an important one. Plain text > > > > > can usually always be read without further ado, be it from rescue > > > > > systems you booted or with software available on different operating > > > > > systems. It can be also be processed with scripts and sent as email. > > > > > You can probably even read it on your cell phone. You can still read > > > > > log files that were created 20 years ago when they are plain text. > > > > > > > > > > Can you do all that with the binary files created by systemd? I can't > > > > > even read them on a working system. > > > > > > > > What Canek and Rich already said is good, but I'll just add this: it's > > not like > > > > you can't run a classic syslog implementation alongside the systemd > > journal. > > > > On my systems, by *default*, syslog-ng kept working as usual, getting > > the logs > > > > from the systemd journal. If you want to go further, you can even > > configure > > > > the journal to not store logs permanently, so that you *only* end up > > with > > > > plain-text logs on your system (Duncan on gentoo-amd64 went this way). > > > > > > > > So no, the format that the systemd journal uses is most decidedly *not* > > a reason > > > > against using systemd. > > > > > > > > Personally, I'm probably going to uninstall syslog-ng, because > > journalctl is > > > > *such* a nice way to read logs, so why run something whose output I'll > > never > > > > read again? I recommend reading > > > > http://0pointer.net/blog/projects/journalctl.html for examples of the > > kind of > > > > stuff you can do that would be cumbersome, if not *impossible* with > > regular > > > > syslog. > > > > > > Except that I get lots of messages about the system journal missing > > > messages when forwarding to syslog, so how can I make sure this does not > > > happening? > > > > Could you please show those messages? systemd sends *everything* to the > > journal, and then the journal (optionally) can send it too to a regular > > syslog. In that sense, it's impossible for the journal to miss any message. > > > > The only way in which the journal could miss messages is at very early boot > > stages; but with a proper initramfs (like the ones generated with dracut), > > even those get caught. You get to put an instance of systemd and the > > journal inside the initramfs, and so it's available almost from the > > beginning. > > > > And if you use gummiboot, then you can even log from the moment the UEFI > > firmware comes to life. > > So, I get lots of messages in my regular syslog-ng /var/log/messages > like the following: > Feb 23 12:47:52 ccs.covici.com systemd-journal[715]: Forwarding to > syslog missed 15 messages. > > So, I saw a post on Google to up the queue length, and I uped it to 200, > but no joy, still get the messages like the one above. Are you using the unit file provided by syslog-ng (systemd-delta doesn't mention syslog)? Also, is /etc/systemd/system/syslog.service is a link to /usr/lib/systemd/system/syslog-ng.service? I do, and I don't get any of those messages. I use the default journal configuration. According to [1], this should be fixed. Regards. https://github.com/balabit/syslog-ng/issues/314 -- Canek Peláez Valdés Profesor de asignatura, Facultad de Ciencias Universidad Nacional Autónoma de México