| 1 |
Rich Freeman <rich0@g.o> wrote: |
| 2 |
|
| 3 |
> On Mon, Feb 9, 2015 at 6:52 AM, Alec Ten Harmsel |
| 4 |
> <alec@××××××××××××××.com> wrote: |
| 5 |
> > |
| 6 |
> > On 02/09/2015 06:49 AM, Mick wrote: |
| 7 |
> >> On Monday 09 Feb 2015 11:23:15 Rich Freeman wrote: |
| 8 |
> >>> You don't have to export them from anything unless you need their |
| 9 |
> >>> content in a text file. If you just run "journalctl" that is the |
| 10 |
> >>> equivalent of typing cat /var/log/messages. If you do want to parse |
| 11 |
> >>> them with an external tool then you get your choice of several text |
| 12 |
> >>> formats and json. |
| 13 |
> >> The thing is I never use cat. I invariably use less, rview, or grep, to |
| 14 |
> >> browse or search the log files. |
| 15 |
> >> |
| 16 |
> >> How will this work with journalctl, will I have to export them first into a |
| 17 |
> >> different format? |
| 18 |
> >> |
| 19 |
> > |
| 20 |
> > You can run `journalctl | grep whatever`. I don't know what rview is, |
| 21 |
> > but as long as whatever you're using supports pipes you should be fine. |
| 22 |
> > |
| 23 |
> |
| 24 |
> Keep in mind that if you're grepping logs, there is probably a better |
| 25 |
> way to accomplish what you want to do with journalctl's options. |
| 26 |
> Finding all output from a particular daemon is going to be more |
| 27 |
> reliable if you filter by unit, versus getting verbose log output from |
| 28 |
> your mail server that has "mysql" somewhere in it or whatever. That |
| 29 |
> is the main reason for using a binary log format. |
| 30 |
> |
| 31 |
> But, yes, you can just pipe the output into the tool of your choice. |
| 32 |
> If you keep a lot of logs like I do it might be wiser to prefilter it |
| 33 |
> a bit, such as by adding -b to the options to limit it to entries |
| 34 |
> since the last reboot. |
| 35 |
> |
| 36 |
> I also tend to keep a journalctl -f running in a screen session, which |
| 37 |
> is the equivalent of a tail -f. |
| 38 |
> |
| 39 |
> If you're using an automated tool you can also use cursors to bookmark |
| 40 |
> the last entry you read and then ask journalctl for entries since that |
| 41 |
> one. Of course, an automated tool would probably just read the logs |
| 42 |
> via dbus or whatever (I haven't taken the time to look into the APIs). |
| 43 |
|
| 44 |
I wonder if the original poster is using systemd? Also, I find |
| 45 |
journalctl very clumsy to find things about a specific program, such as |
| 46 |
mail logs or whatever -- unless I am missing something. I use |
| 47 |
syslog-ng, although I get a lot of messages which say forwarding to |
| 48 |
syslog missed n messages from system journal, so maybe its a problem, |
| 49 |
but how would you use logwatch without something like syslog-ng? |
| 50 |
-- |
| 51 |
Your life is like a penny. You're going to lose it. The question is: |
| 52 |
How do |
| 53 |
you spend it? |
| 54 |
|
| 55 |
John Covici |
| 56 |
covici@××××××××××.com |
Archives