1 |
Canek Peláez Valdés <caneko@×××××.com> wrote: |
2 |
|
3 |
> On Mon, Feb 23, 2015 at 11:49 AM, <covici@××××××××××.com> wrote: |
4 |
> > |
5 |
> > Canek Peláez Valdés <caneko@×××××.com> wrote: |
6 |
> > |
7 |
> > > On Mon, Feb 23, 2015 at 3:41 AM, <covici@××××××××××.com> wrote: |
8 |
> > > > |
9 |
> > > > Marc Joliet <marcec@×××.de> wrote: |
10 |
> > > > |
11 |
> > > > > Am Mon, 23 Feb 2015 00:41:50 +0100 |
12 |
> > > > > schrieb lee <lee@××××××××.de>: |
13 |
> > > > > |
14 |
> > > > > > Neil Bothwick <neil@××××××××××.uk> writes: |
15 |
> > > > > > |
16 |
> > > > > > > On Wed, 18 Feb 2015 21:49:54 +0100, lee wrote: |
17 |
> > > > > > > |
18 |
> > > > > > >> > I wonder if the OP is using systemd and trying to read the |
19 |
> > > journal |
20 |
> > > > > > >> > files? |
21 |
> > > > > > >> |
22 |
> > > > > > >> Nooo, I hate systemd ... |
23 |
> > > > > > >> |
24 |
> > > > > > >> What good are log files you can't read? |
25 |
> > > > > > > |
26 |
> > > > > > > You can't read syslog-ng log files without some reading |
27 |
> software, |
28 |
> > > usually |
29 |
> > > > > > > a combination of cat, grep and less. systemd does it all with |
30 |
> > > journalctl. |
31 |
> > > > > > > |
32 |
> > > > > > > There are good reasons to not use systemd, this isn't one of |
33 |
> them. |
34 |
> > > > > > |
35 |
> > > > > > To me it is one of the good reasons, and an important one. Plain |
36 |
> text |
37 |
> > > > > > can usually always be read without further ado, be it from rescue |
38 |
> > > > > > systems you booted or with software available on different |
39 |
> operating |
40 |
> > > > > > systems. It can be also be processed with scripts and sent as |
41 |
> email. |
42 |
> > > > > > You can probably even read it on your cell phone. You can still |
43 |
> read |
44 |
> > > > > > log files that were created 20 years ago when they are plain text. |
45 |
> > > > > > |
46 |
> > > > > > Can you do all that with the binary files created by systemd? I |
47 |
> can't |
48 |
> > > > > > even read them on a working system. |
49 |
> > > > > |
50 |
> > > > > What Canek and Rich already said is good, but I'll just add this: |
51 |
> it's |
52 |
> > > not like |
53 |
> > > > > you can't run a classic syslog implementation alongside the systemd |
54 |
> > > journal. |
55 |
> > > > > On my systems, by *default*, syslog-ng kept working as usual, |
56 |
> getting |
57 |
> > > the logs |
58 |
> > > > > from the systemd journal. If you want to go further, you can even |
59 |
> > > configure |
60 |
> > > > > the journal to not store logs permanently, so that you *only* end up |
61 |
> > > with |
62 |
> > > > > plain-text logs on your system (Duncan on gentoo-amd64 went this |
63 |
> way). |
64 |
> > > > > |
65 |
> > > > > So no, the format that the systemd journal uses is most decidedly |
66 |
> *not* |
67 |
> > > a reason |
68 |
> > > > > against using systemd. |
69 |
> > > > > |
70 |
> > > > > Personally, I'm probably going to uninstall syslog-ng, because |
71 |
> > > journalctl is |
72 |
> > > > > *such* a nice way to read logs, so why run something whose output |
73 |
> I'll |
74 |
> > > never |
75 |
> > > > > read again? I recommend reading |
76 |
> > > > > http://0pointer.net/blog/projects/journalctl.html for examples of |
77 |
> the |
78 |
> > > kind of |
79 |
> > > > > stuff you can do that would be cumbersome, if not *impossible* with |
80 |
> > > regular |
81 |
> > > > > syslog. |
82 |
> > > > |
83 |
> > > > Except that I get lots of messages about the system journal missing |
84 |
> > > > messages when forwarding to syslog, so how can I make sure this does |
85 |
> not |
86 |
> > > > happening? |
87 |
> > > |
88 |
> > > Could you please show those messages? systemd sends *everything* to the |
89 |
> > > journal, and then the journal (optionally) can send it too to a regular |
90 |
> > > syslog. In that sense, it's impossible for the journal to miss any |
91 |
> message. |
92 |
> > > |
93 |
> > > The only way in which the journal could miss messages is at very early |
94 |
> boot |
95 |
> > > stages; but with a proper initramfs (like the ones generated with |
96 |
> dracut), |
97 |
> > > even those get caught. You get to put an instance of systemd and the |
98 |
> > > journal inside the initramfs, and so it's available almost from the |
99 |
> > > beginning. |
100 |
> > > |
101 |
> > > And if you use gummiboot, then you can even log from the moment the UEFI |
102 |
> > > firmware comes to life. |
103 |
> > |
104 |
> > So, I get lots of messages in my regular syslog-ng /var/log/messages |
105 |
> > like the following: |
106 |
> > Feb 23 12:47:52 ccs.covici.com systemd-journal[715]: Forwarding to |
107 |
> > syslog missed 15 messages. |
108 |
> > |
109 |
> > So, I saw a post on Google to up the queue length, and I uped it to 200, |
110 |
> > but no joy, still get the messages like the one above. |
111 |
> |
112 |
> Are you using the unit file provided by syslog-ng (systemd-delta doesn't |
113 |
> mention syslog)? Also, is /etc/systemd/system/syslog.service is a link |
114 |
> to /usr/lib/systemd/system/syslog-ng.service? |
115 |
> |
116 |
> I do, and I don't get any of those messages. I use the default journal |
117 |
> configuration. According to [1], this should be fixed. |
118 |
> |
119 |
> Regards. |
120 |
> |
121 |
> https://github.com/balabit/syslog-ng/issues/314 |
122 |
|
123 |
At the time when I did this there was no syslog-ng.service in |
124 |
/usr/lib/systemd/system, now there is, but my unit file is like this: |
125 |
|
126 |
[Unit] |
127 |
Description=System Logger Daemon |
128 |
Documentation=man:syslog-ng(8) |
129 |
|
130 |
[Service] |
131 |
Sockets=syslog.socket |
132 |
ExecStart=/usr/sbin/syslog-ng -F |
133 |
ExecReload=/bin/kill -HUP $MAINPID |
134 |
#Restart=on-failure |
135 |
|
136 |
[Install] |
137 |
WantedBy=multi-user.target |
138 |
Alias=syslog.service |
139 |
|
140 |
Is there a reason why this should not work? |
141 |
|
142 |
-- |
143 |
Your life is like a penny. You're going to lose it. The question is: |
144 |
How do |
145 |
you spend it? |
146 |
|
147 |
John Covici |
148 |
covici@××××××××××.com |