| 1 |
On Mon, Jul 23, 2012 at 4:29 AM, Stefan G. Weichinger <lists@×××××.at> wrote: |
| 2 |
> |
| 3 |
> (replying to list as I assume this could interest and/or help other |
| 4 |
> users as well) |
| 5 |
> |
| 6 |
> Peter, Canek, how did you approach syslogs? |
| 7 |
> |
| 8 |
> systemd brings its own journal (readable via systemd-journalctl, learned |
| 9 |
> right now) and so it possible to run the box without syslog-ng or similar. |
| 10 |
> |
| 11 |
> archlinux-wiki tells me how to combine things: |
| 12 |
> |
| 13 |
> https://wiki.archlinux.org/index.php/Systemd#Systemd_Journal |
| 14 |
> |
| 15 |
> but I wonder what your solutions/opinions are so far ... |
| 16 |
|
| 17 |
journald is an interesting idea. It allows you (among other things) to |
| 18 |
see the messages from a service (and only from that service) in the |
| 19 |
status command of systemctl: |
| 20 |
|
| 21 |
# systemctl status sshd.service |
| 22 |
sshd.service - SSH Secure Shell Service |
| 23 |
Loaded: loaded (/etc/systemd/system/sshd.service; enabled) |
| 24 |
Active: active (running) since Thu, 12 Jul 2012 21:39:03 -0500; 1 |
| 25 |
weeks and 3 days ago |
| 26 |
Main PID: 371 (sshd) |
| 27 |
CGroup: name=systemd:/system/sshd.service |
| 28 |
└ 371 /usr/sbin/sshd -D |
| 29 |
|
| 30 |
Jul 22 18:12:18 negra sshd[11272]: SSH: Server;Ltype: Version;Remote: |
| 31 |
192.168.0.100-60763;Protocol: 2.0;Client: OpenSSH_5.9p1-hpn13v11lpk |
| 32 |
Jul 22 18:12:18 negra sshd[11272]: SSH: Server;Ltype: Kex;Remote: |
| 33 |
192.168.0.100-60763;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth] |
| 34 |
Jul 22 18:12:19 negra sshd[11272]: SSH: Server;Ltype: Authname;Remote: |
| 35 |
192.168.0.100-60763;Name: canek [preauth] |
| 36 |
Jul 22 18:12:22 negra sshd[11272]: Accepted publickey for canek from |
| 37 |
192.168.0.100 port 60763 ssh2 |
| 38 |
Jul 22 18:12:22 negra sshd[11272]: pam_unix(sshd:session): session |
| 39 |
opened for user canek by (uid=0) |
| 40 |
Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Version;Remote: |
| 41 |
192.168.0.100-35208;Protocol: 2.0;Client: OpenSSH_5.9p1-hpn13v11lpk |
| 42 |
Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Kex;Remote: |
| 43 |
192.168.0.100-35208;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth] |
| 44 |
Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Authname;Remote: |
| 45 |
192.168.0.100-35208;Name: canek [preauth] |
| 46 |
Jul 22 21:06:55 negra sshd[11893]: Accepted publickey for canek from |
| 47 |
192.168.0.100 port 35208 ssh2 |
| 48 |
|
| 49 |
As far as I know, there is nothing remotely similar in either Upstart |
| 50 |
nor SysV init. |
| 51 |
|
| 52 |
In my laptop and desktop, I could only use journald, but since systemd |
| 53 |
can be used along with rsyslog/syslog-ng, I still run rsyslog: |
| 54 |
|
| 55 |
# systemctl status rsyslog.service |
| 56 |
rsyslog.service - System Logging Service |
| 57 |
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled) |
| 58 |
Active: active (running) since Thu, 12 Jul 2012 21:39:04 -0500; 1 |
| 59 |
weeks and 3 days ago |
| 60 |
Main PID: 388 (rsyslogd) |
| 61 |
CGroup: name=systemd:/system/rsyslog.service |
| 62 |
└ 388 /usr/sbin/rsyslogd -n -c5 |
| 63 |
|
| 64 |
The reason is only that I actually like to keep my logs, even if for a |
| 65 |
laptop/desktop is most of the times not necessary. I think the only |
| 66 |
thing I did to set rsyslog as my logger service was to link the |
| 67 |
syslog.service file to it: |
| 68 |
|
| 69 |
# ll /etc/systemd/system/syslog.service |
| 70 |
lrwxrwxrwx 1 root root 39 Jan 18 2012 |
| 71 |
/etc/systemd/system/syslog.service -> |
| 72 |
/usr/lib/systemd/system/rsyslog.service |
| 73 |
|
| 74 |
For my servers journald is cute, but I would never think about |
| 75 |
removing a "real" logger. |
| 76 |
|
| 77 |
So, in short: for servers install a real logger (I recommend rsyslog, |
| 78 |
although syslog-ng should also work), and for laptop/desktop you |
| 79 |
*could* do just with journald, but if it makes you feel better (as it |
| 80 |
does in my case) you can also install a real logger. |
| 81 |
|
| 82 |
Now that I think about it, I haven't really looked at my logs neither |
| 83 |
in my laptop nor desktop in months. I think I could easily remove |
| 84 |
rsyslog and just have journald; but rsyslog is light enough, and |
| 85 |
having the logs there gives me a little peace of mind. |
| 86 |
|
| 87 |
Regards. |
| 88 |
-- |
| 89 |
Canek Peláez Valdés |
| 90 |
Posgrado en Ciencia e Ingeniería de la Computación |
| 91 |
Universidad Nacional Autónoma de México |
Archives