On Mon, Jul 23, 2012 at 4:29 AM, Stefan G. Weichinger <lists@×××××.at> wrote:
>
> (replying to list as I assume this could interest and/or help other
> users as well)
>
> Peter, Canek, how did you approach syslogs?
>
> systemd brings its own journal (readable via systemd-journalctl, learned
> right now) and so it is possible to run the box without syslog-ng or similar.
>
> archlinux-wiki tells me how to combine things:
>
> https://wiki.archlinux.org/index.php/Systemd#Systemd_Journal
>
> but I wonder what your solutions/opinions are so far ...
|
journald is an interesting idea. It allows you (among other things) to
see the messages from a service (and only from that service) in the
status command of systemctl:
|
# systemctl status sshd.service
sshd.service - SSH Secure Shell Service
Loaded: loaded (/etc/systemd/system/sshd.service; enabled)
Active: active (running) since Thu, 12 Jul 2012 21:39:03 -0500; 1
weeks and 3 days ago
Main PID: 371 (sshd)
CGroup: name=systemd:/system/sshd.service
└ 371 /usr/sbin/sshd -D

Jul 22 18:12:18 negra sshd[11272]: SSH: Server;Ltype: Version;Remote:
192.168.0.100-60763;Protocol: 2.0;Client: OpenSSH_5.9p1-hpn13v11lpk
Jul 22 18:12:18 negra sshd[11272]: SSH: Server;Ltype: Kex;Remote:
192.168.0.100-60763;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Jul 22 18:12:19 negra sshd[11272]: SSH: Server;Ltype: Authname;Remote:
192.168.0.100-60763;Name: canek [preauth]
Jul 22 18:12:22 negra sshd[11272]: Accepted publickey for canek from
192.168.0.100 port 60763 ssh2
Jul 22 18:12:22 negra sshd[11272]: pam_unix(sshd:session): session
opened for user canek by (uid=0)
Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Version;Remote:
192.168.0.100-35208;Protocol: 2.0;Client: OpenSSH_5.9p1-hpn13v11lpk
Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Kex;Remote:
192.168.0.100-35208;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Authname;Remote:
192.168.0.100-35208;Name: canek [preauth]
Jul 22 21:06:55 negra sshd[11893]: Accepted publickey for canek from
192.168.0.100 port 35208 ssh2
|
As far as I know, there is nothing remotely similar in either Upstart
or SysV init.

On my laptop and desktop, I could only use journald, but since systemd
can be used along with rsyslog/syslog-ng, I still run rsyslog:
|
# systemctl status rsyslog.service
rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled)
Active: active (running) since Thu, 12 Jul 2012 21:39:04 -0500; 1
weeks and 3 days ago
Main PID: 388 (rsyslogd)
CGroup: name=systemd:/system/rsyslog.service
└ 388 /usr/sbin/rsyslogd -n -c5
|
The reason is only that I actually like to keep my logs, even if for a
laptop/desktop it is most of the time not necessary. I think the only
thing I did to set rsyslog as my logger service was to link the
syslog.service file to it:
|
# ll /etc/systemd/system/syslog.service
lrwxrwxrwx 1 root root 39 Jan 18 2012
/etc/systemd/system/syslog.service ->
/usr/lib/systemd/system/rsyslog.service
|
For my servers journald is cute, but I would never think about
removing a "real" logger.

So, in short: for servers install a real logger (I recommend rsyslog,
although syslog-ng should also work), and for laptop/desktop you
*could* do just with journald, but if it makes you feel better (as it
does in my case) you can also install a real logger.

Now that I think about it, I haven't really looked at my logs on either
my laptop or desktop in months. I think I could easily remove
rsyslog and just have journald; but rsyslog is light enough, and
having the logs there gives me a little peace of mind.

Regards.
--
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México