1 |
On Mon, Feb 23, 2015 at 3:41 AM, <covici@××××××××××.com> wrote: |
2 |
> |
3 |
> Marc Joliet <marcec@×××.de> wrote: |
4 |
> |
5 |
> > Am Mon, 23 Feb 2015 00:41:50 +0100 |
6 |
> > schrieb lee <lee@××××××××.de>: |
7 |
> > |
8 |
> > > Neil Bothwick <neil@××××××××××.uk> writes: |
9 |
> > > |
10 |
> > > > On Wed, 18 Feb 2015 21:49:54 +0100, lee wrote: |
11 |
> > > > |
12 |
> > > >> > I wonder if the OP is using systemd and trying to read the |
13 |
journal |
14 |
> > > >> > files? |
15 |
> > > >> |
16 |
> > > >> Nooo, I hate systemd ... |
17 |
> > > >> |
18 |
> > > >> What good are log files you can't read? |
19 |
> > > > |
20 |
> > > > You can't read syslog-ng log files without some reading software, |
21 |
usually |
22 |
> > > > a combination of cat, grep and less. systemd does it all with |
23 |
journalctl. |
24 |
> > > > |
25 |
> > > > There are good reasons to not use systemd, this isn't one of them. |
26 |
> > > |
27 |
> > > To me it is one of the good reasons, and an important one. Plain text |
28 |
> > > can usually always be read without further ado, be it from rescue |
29 |
> > > systems you booted or with software available on different operating |
30 |
> > > systems. It can be also be processed with scripts and sent as email. |
31 |
> > > You can probably even read it on your cell phone. You can still read |
32 |
> > > log files that were created 20 years ago when they are plain text. |
33 |
> > > |
34 |
> > > Can you do all that with the binary files created by systemd? I can't |
35 |
> > > even read them on a working system. |
36 |
> > |
37 |
> > What Canek and Rich already said is good, but I'll just add this: it's |
38 |
not like |
39 |
> > you can't run a classic syslog implementation alongside the systemd |
40 |
journal. |
41 |
> > On my systems, by *default*, syslog-ng kept working as usual, getting |
42 |
the logs |
43 |
> > from the systemd journal. If you want to go further, you can even |
44 |
configure |
45 |
> > the journal to not store logs permanently, so that you *only* end up |
46 |
with |
47 |
> > plain-text logs on your system (Duncan on gentoo-amd64 went this way). |
48 |
> > |
49 |
> > So no, the format that the systemd journal uses is most decidedly *not* |
50 |
a reason |
51 |
> > against using systemd. |
52 |
> > |
53 |
> > Personally, I'm probably going to uninstall syslog-ng, because |
54 |
journalctl is |
55 |
> > *such* a nice way to read logs, so why run something whose output I'll |
56 |
never |
57 |
> > read again? I recommend reading |
58 |
> > http://0pointer.net/blog/projects/journalctl.html for examples of the |
59 |
kind of |
60 |
> > stuff you can do that would be cumbersome, if not *impossible* with |
61 |
regular |
62 |
> > syslog. |
63 |
> |
64 |
> Except that I get lots of messages about the system journal missing |
65 |
> messages when forwarding to syslog, so how can I make sure this does not |
66 |
> happening? |
67 |
|
68 |
Could you please show those messages? systemd sends *everything* to the |
69 |
journal, and then the journal (optionally) can send it too to a regular |
70 |
syslog. In that sense, it's impossible for the journal to miss any message. |
71 |
|
72 |
The only way in which the journal could miss messages is at very early boot |
73 |
stages; but with a proper initramfs (like the ones generated with dracut), |
74 |
even those get caught. You get to put an instance of systemd and the |
75 |
journal inside the initramfs, and so it's available almost from the |
76 |
beginning. |
77 |
|
78 |
And if you use gummiboot, then you can even log from the moment the UEFI |
79 |
firmware comes to life. |
80 |
|
81 |
Regards. |
82 |
-- |
83 |
Canek Peláez Valdés |
84 |
Profesor de asignatura, Facultad de Ciencias |
85 |
Universidad Nacional Autónoma de México |