| 1 |
On Mon, Feb 9, 2015 at 5:06 AM, Matthias Hanft <mh@×××××.de> wrote: |
| 2 |
> |
| 3 |
> And (from what I have heard) if you use systemd instead of |
| 4 |
> openrc, there are no syslog files at all - you have to export |
| 5 |
> them (from some binary database) manually to some human- |
| 6 |
> readable format. But I don't know much about that - never |
| 7 |
> used systemd on any Gentoo Linux yet. |
| 8 |
|
| 9 |
You don't have to export them from anything unless you need their |
| 10 |
content in a text file. If you just run "journalctl" that is the |
| 11 |
equivalent of typing cat /var/log/messages. If you do want to parse |
| 12 |
them with an external tool then you get your choice of several text |
| 13 |
formats and json. |
| 14 |
|
| 15 |
And yes, you can also run syslog, though I never really got the point |
| 16 |
of that. The value of the journal is that you capture full metadata |
| 17 |
for your log entries and you can just query it vs having to parse |
| 18 |
undelimited text files. Heck, it seems like half the enterprise |
| 19 |
monitoring tools start out by grabbing that log file that has |
| 20 |
discarded most of the context and then putting it in a database and |
| 21 |
attempting to re-create it all. |
| 22 |
|
| 23 |
-- |
| 24 |
Rich |
Archives