Rich Freeman <rich0@g.o> wrote:

> On Mon, Feb 9, 2015 at 6:52 AM, Alec Ten Harmsel
> <alec@××××××××××××××.com> wrote:
> >
> > On 02/09/2015 06:49 AM, Mick wrote:
> >> On Monday 09 Feb 2015 11:23:15 Rich Freeman wrote:
> >>> You don't have to export them from anything unless you need their
> >>> content in a text file. If you just run "journalctl" that is the
> >>> equivalent of typing cat /var/log/messages. If you do want to parse
> >>> them with an external tool then you get your choice of several text
> >>> formats and json.
> >> The thing is I never use cat. I invariably use less, rview, or grep, to
> >> browse or search the log files.
> >>
> >> How will this work with journalctl, will I have to export them first into a
> >> different format?
> >>
> >
> > You can run `journalctl | grep whatever`. I don't know what rview is,
> > but as long as whatever you're using supports pipes you should be fine.
> >
>
> Keep in mind that if you're grepping logs, there is probably a better
> way to accomplish what you want to do with journalctl's options.
> Finding all output from a particular daemon is going to be more
> reliable if you filter by unit, versus getting verbose log output from
> your mail server that has "mysql" somewhere in it or whatever. That
> is the main reason for using a binary log format.
>
> But, yes, you can just pipe the output into the tool of your choice.
> If you keep a lot of logs like I do it might be wiser to prefilter it
> a bit, such as by adding -b to the options to limit it to entries
> since the last reboot.
>
> I also tend to keep a journalctl -f running in a screen session, which
> is the equivalent of a tail -f.
>
> If you're using an automated tool you can also use cursors to bookmark
> the last entry you read and then ask journalctl for entries since that
> one. Of course, an automated tool would probably just read the logs
> via dbus or whatever (I haven't taken the time to look into the APIs).

I wonder if the original poster is using systemd? Also, I find
journalctl very clumsy to find things about a specific program, such as
mail logs or whatever -- unless I am missing something. I use
syslog-ng, although I get a lot of messages which say forwarding to
syslog missed n messages from system journal, so maybe it's a problem,
but how would you use logwatch without something like syslog-ng?
--
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?

John Covici
covici@××××××××××.com
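
Added example, not part of the original thread: Python run over a constructed `journalctl -o json` export, showing the point quoted above that a text search for "mysql" also catches the mail server's log line while a filter on the unit field does not, plus cursor bookmarking for a tool that reads incrementally. The sample entries, the cursor values `c1`..`c3` and the function names are assumptions made for this illustration; on a live system the equivalent filters are `journalctl -u <unit>` and `--after-cursor=`.

```python
import json

# Constructed sample in `journalctl -o json` shape: one JSON object per line.
SAMPLE = "\n".join(json.dumps(e) for e in [
    {"__CURSOR": "c1", "_SYSTEMD_UNIT": "mysqld.service",
     "SYSLOG_IDENTIFIER": "mysqld", "MESSAGE": "ready for connections"},
    {"__CURSOR": "c2", "_SYSTEMD_UNIT": "postfix.service",
     "SYSLOG_IDENTIFIER": "postfix/smtpd",
     "MESSAGE": "warning: connect to mysql server localhost: timed out"},
    {"__CURSOR": "c3", "_SYSTEMD_UNIT": "mysqld.service",
     "SYSLOG_IDENTIFIER": "mysqld", "MESSAGE": list(b"Aborted connection \xff")},
]) + "\n{damaged line"


def text_line(entry):
    """Approximate the default text output: 'identifier: message'."""
    msg = entry.get("MESSAGE")
    if isinstance(msg, list):  # byte-array form of a non-UTF-8 message
        msg = bytes(msg).decode("utf-8", errors="replace")
    return f"{entry.get('SYSLOG_IDENTIFIER', '?')}: {msg or ''}"


def parse_export(text):
    """Parse line-delimited JSON, skipping blank or damaged lines."""
    entries = []
    for line in text.splitlines():
        try:
            obj = json.loads(line)
        except ValueError:
            continue
        if isinstance(obj, dict):
            entries.append(obj)
    return entries


def grep_like(entries, needle):
    """What `journalctl | grep needle` sees: any line containing the text."""
    return [e for e in entries if needle in text_line(e)]


def by_unit(entries, unit):
    """What a unit filter sees: exact match on the _SYSTEMD_UNIT field."""
    return [e for e in entries if e.get("_SYSTEMD_UNIT") == unit]


def after_cursor(entries, cursor):
    """Entries after the bookmark; all of them if the bookmark is missing."""
    seen = [e.get("__CURSOR") for e in entries]
    return entries[seen.index(cursor) + 1:] if cursor in seen else entries
```

Returning every entry when the bookmark is not found is this example's choice, so that a rotated-away cursor does not silently drop log lines.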