From: Canek Peláez Valdés
Date: Mon, 23 Feb 2015 12:10:18 -0600
Subject: Re: [gentoo-user] syslog-ng: how to read the log files
To: gentoo-user@lists.gentoo.org

On Mon, Feb 23, 2015 at 11:49 AM, <covici@ccs.covici.com> wrote:
>
> Canek Peláez Valdés <caneko@gmail.com> wrote:
>
> > On Mon, Feb 23, 2015 at 3:41 AM, <covici@ccs.covici.com> wrote:
> > >
> > > Marc Joliet <marcec@gmx.de> wrote:
> > >
> > > > On Mon, 23 Feb 2015 00:41:50 +0100, lee <lee@yagibdah.de> wrote:
> > > >
> > > > > Neil Bothwick <neil@digimed.co.uk> writes:
> > > > >
> > > > > > On Wed, 18 Feb 2015 21:49:54 +0100, lee wrote:
> > > > > >
> > > > > >> > I wonder if the OP is using systemd and trying to read the
> > > > > >> > journal files?
> > > > > >>
> > > > > >> Nooo, I hate systemd ...
> > > > > >>
> > > > > >> What good are log files you can't read?
> > > > > >
> > > > > > You can't read syslog-ng log files without some reading software,
> > > > > > usually a combination of cat, grep and less. systemd does it all
> > > > > > with journalctl.
> > > > > >
> > > > > > There are good reasons to not use systemd, this isn't one of them.
> > > > >
> > > > > To me it is one of the good reasons, and an important one.  Plain text
> > > > > can usually always be read without further ado, be it from rescue
> > > > > systems you booted or with software available on different operating
> > > > > systems.  It can also be processed with scripts and sent as email.
> > > > > You can probably even read it on your cell phone.  You can still read
> > > > > log files that were created 20 years ago when they are plain text.
> > > > >
> > > > > Can you do all that with the binary files created by systemd?  I can't
> > > > > even read them on a working system.
> > > >
> > > > What Canek and Rich already said is good, but I'll just add this: it's
> > > > not like you can't run a classic syslog implementation alongside the
> > > > systemd journal. On my systems, by *default*, syslog-ng kept working as
> > > > usual, getting the logs from the systemd journal.  If you want to go
> > > > further, you can even configure the journal to not store logs
> > > > permanently, so that you *only* end up with plain-text logs on your
> > > > system (Duncan on gentoo-amd64 went this way).
> > > >
> > > > So no, the format that the systemd journal uses is most decidedly *not*
> > > > a reason against using systemd.
> > > >
> > > > Personally, I'm probably going to uninstall syslog-ng, because
> > > > journalctl is *such* a nice way to read logs, so why run something
> > > > whose output I'll never read again?  I recommend reading
> > > > http://0pointer.net/blog/projects/journalctl.html for examples of the
> > > > kind of stuff you can do that would be cumbersome, if not *impossible*
> > > > with regular syslog.
> > >
> > > Except that I get lots of messages about the system journal missing
> > > messages when forwarding to syslog, so how can I make sure this does not
> > > happen?
> >
> > Could you please show those messages? systemd sends *everything* to the
> > journal, and then the journal (optionally) can send it too to a regular
> > syslog. In that sense, it's impossible for the journal to miss any message.
> >
> > The only way in which the journal could miss messages is at very early boot
> > stages; but with a proper initramfs (like the ones generated with dracut),
> > even those get caught. You get to put an instance of systemd and the
> > journal inside the initramfs, and so it's available almost from the
> > beginning.
> >
> > And if you use gummiboot, then you can even log from the moment the UEFI
> > firmware comes to life.
>
> So, I get lots of messages in my regular syslog-ng /var/log/messages
> like the following:
> Feb 23 12:47:52 ccs.covici.com systemd-journal[715]: Forwarding to syslog missed 15 messages.
>
> So, I saw a post on Google to up the queue length, and I upped it to 200,
> but no joy, still get the messages like the one above.

Are you using the unit file provided by syslog-ng (systemd-delta doesn't
mention syslog)? Also, is /etc/systemd/system/syslog.service a link
to /usr/lib/systemd/system/syslog-ng.service?

I do, and I don't get any of those messages. I use the default journal
configuration. According to [1], this should be fixed.

Regards.

[1] https://github.com/balabit/syslog-ng/issues/314
--
Canek Peláez Valdés
Profesor de asignatura, Facultad de Ciencias
Universidad Nacional Autónoma de México
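The two checks raised in this exchange (how many messages the journal reports as lost while forwarding, and whether the syslog.service alias resolves to the syslog-ng unit), as an added example that is not part of the original thread. The function names are hypothetical, and every sample log line except the first, which is the one quoted above, is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Sum N over all "Forwarding to syslog missed N messages" lines in a log file.
missed_total() {
    awk '/systemd-journal\[[0-9]+\]: Forwarding to syslog missed [0-9]+ messages/ {
             for (i = 1; i <= NF; i++) if ($i == "missed") total += $(i + 1)
         }
         END { print total + 0 }' "$1"
}

# Same tally per hour ("Mon DD HH lost"), to show when the gaps occurred.
missed_per_hour() {
    awk '/systemd-journal\[[0-9]+\]: Forwarding to syslog missed [0-9]+ messages/ {
             for (i = 1; i <= NF; i++) if ($i == "missed") n = $(i + 1)
             split($3, t, ":"); lost[$1 " " $2 " " t[1]] += n
         }
         END { for (h in lost) print h, lost[h] }' "$1" | sort
}

# True if the alias is a symlink that resolves to a unit named syslog-ng.service.
alias_is_syslog_ng() {
    [ -L "$1" ] || return 1
    [ "$(basename "$(readlink -f "$1")")" = "syslog-ng.service" ]
}

# Sample input: first line is the one quoted in the thread, the rest are constructed.
sample_log() {
    cat <<'EOF'
Feb 23 12:47:52 ccs.covici.com systemd-journal[715]: Forwarding to syslog missed 15 messages.
Feb 23 12:48:10 ccs.covici.com sshd[2291]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Feb 23 12:59:03 ccs.covici.com systemd-journal[715]: Forwarding to syslog missed 4 messages.
Feb 23 13:05:41 ccs.covici.com systemd-journal[715]: Forwarding to syslog missed 31 messages.
EOF
}

log=$(mktemp) && sample_log > "$log"
echo "messages lost in forwarding: $(missed_total "$log")"
missed_per_hour "$log"
rm -f "$log"
if alias_is_syslog_ng /etc/systemd/system/syslog.service; then
    echo "syslog.service -> syslog-ng.service"
else
    echo "syslog.service is missing or points at another unit"
fi
```

On a real host, pass /var/log/messages to `missed_total`; a non-zero total means the plain-text log has gaps relative to the journal for those periods.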