On Mon, Jul 23, 2012 at 4:29 AM, Stefan G. Weichinger <li...@xunil.at> wrote:
>
> (replying to list as I assume this could interest and/or help other
> users as well)
>
> Peter, Canek, how did you approach syslogs?
>
> systemd brings its own journal (readable via systemd-journalctl, learned
> right now) and so it is possible to run the box without syslog-ng or similar.
>
> archlinux-wiki tells me how to combine things:
>
> https://wiki.archlinux.org/index.php/Systemd#Systemd_Journal
>
> but I wonder what your solutions/opinions are so far ...

journald is an interesting idea. It allows you (among other things) to
see the messages from a service (and only from that service) in the
status command of systemctl:

# systemctl status sshd.service
sshd.service - SSH Secure Shell Service
          Loaded: loaded (/etc/systemd/system/sshd.service; enabled)
          Active: active (running) since Thu, 12 Jul 2012 21:39:03 -0500; 1 weeks and 3 days ago
        Main PID: 371 (sshd)
          CGroup: name=systemd:/system/sshd.service
                  └ 371 /usr/sbin/sshd -D

Jul 22 18:12:18 negra sshd[11272]: SSH: Server;Ltype: Version;Remote: 192.168.0.100-60763;Protocol: 2.0;Client: OpenSSH_5.9p1-hpn13v11lpk
Jul 22 18:12:18 negra sshd[11272]: SSH: Server;Ltype: Kex;Remote: 192.168.0.100-60763;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Jul 22 18:12:19 negra sshd[11272]: SSH: Server;Ltype: Authname;Remote: 192.168.0.100-60763;Name: canek [preauth]
Jul 22 18:12:22 negra sshd[11272]: Accepted publickey for canek from 192.168.0.100 port 60763 ssh2
Jul 22 18:12:22 negra sshd[11272]: pam_unix(sshd:session): session opened for user canek by (uid=0)
Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Version;Remote: 192.168.0.100-35208;Protocol: 2.0;Client: OpenSSH_5.9p1-hpn13v11lpk
Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Kex;Remote: 192.168.0.100-35208;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Authname;Remote: 192.168.0.100-35208;Name: canek [preauth]
Jul 22 21:06:55 negra sshd[11893]: Accepted publickey for canek from 192.168.0.100 port 35208 ssh2

As far as I know, there is nothing remotely similar in either Upstart
or SysV init.

On my laptop and desktop, I could only use journald, but since systemd
can be used along with rsyslog/syslog-ng, I still run rsyslog:

# systemctl status rsyslog.service
rsyslog.service - System Logging Service
          Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled)
          Active: active (running) since Thu, 12 Jul 2012 21:39:04 -0500; 1 weeks and 3 days ago
        Main PID: 388 (rsyslogd)
          CGroup: name=systemd:/system/rsyslog.service
                  └ 388 /usr/sbin/rsyslogd -n -c5

The reason is only that I actually like to keep my logs, even if for a
laptop/desktop it is most of the time not necessary. I think the only
thing I did to set rsyslog as my logger service was to link the
syslog.service file to it:

# ll /etc/systemd/system/syslog.service
lrwxrwxrwx 1 root root 39 Jan 18  2012 /etc/systemd/system/syslog.service -> /usr/lib/systemd/system/rsyslog.service

For my servers journald is cute, but I would never think about
removing a "real" logger.

So, in short: for servers install a real logger (I recommend rsyslog,
although syslog-ng should also work), and for laptop/desktop you
*could* do just with journald, but if it makes you feel better (as it
does in my case) you can also install a real logger.

Now that I think about it, I haven't really looked at my logs on either
my laptop or desktop in months. I think I could easily remove
rsyslog and just have journald; but rsyslog is light enough, and
having the logs there gives me a little peace of mind.

Regards.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
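
The per-service sshd lines shown in the `systemctl status sshd.service` output above can be folded into one record per connection, which makes the negotiated algorithms and the login result easy to review. This is an added example, not part of the original message; the function names and the caller-supplied watch list are illustrative, and the sample lines are copied from the message with the e-mail line wrapping undone.

```python
import re

# Sample lines copied from the message above, with e-mail line wrapping undone.
SAMPLE = """\
Jul 22 18:12:18 negra sshd[11272]: SSH: Server;Ltype: Version;Remote: 192.168.0.100-60763;Protocol: 2.0;Client: OpenSSH_5.9p1-hpn13v11lpk
Jul 22 18:12:18 negra sshd[11272]: SSH: Server;Ltype: Kex;Remote: 192.168.0.100-60763;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Jul 22 18:12:19 negra sshd[11272]: SSH: Server;Ltype: Authname;Remote: 192.168.0.100-60763;Name: canek [preauth]
Jul 22 18:12:22 negra sshd[11272]: Accepted publickey for canek from 192.168.0.100 port 60763 ssh2
Jul 22 18:12:22 negra sshd[11272]: pam_unix(sshd:session): session opened for user canek by (uid=0)
Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Version;Remote: 192.168.0.100-35208;Protocol: 2.0;Client: OpenSSH_5.9p1-hpn13v11lpk
Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Kex;Remote: 192.168.0.100-35208;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Authname;Remote: 192.168.0.100-35208;Name: canek [preauth]
Jul 22 21:06:55 negra sshd[11893]: Accepted publickey for canek from 192.168.0.100 port 35208 ssh2
"""

LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPTED = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")

def parse_sessions(text):
    """Group sshd lines by PID into one record per connection."""
    sessions = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an sshd line, or a wrapped fragment
        rec = sessions.setdefault(int(m["pid"]), {"first_seen": m["ts"], "accepted": False})
        msg = m["msg"]
        if msg.startswith("SSH: Server;"):
            # Structured "Key: value;Key: value" line; drop the trailing [preauth] tag.
            body = re.sub(r"\s*\[preauth\]$", "", msg)
            for field in body.split(";")[1:]:
                key, _, value = field.partition(": ")
                if key != "Ltype":
                    rec[key.lower()] = value
        else:
            a = ACCEPTED.match(msg)
            if a:
                rec.update(accepted=True, method=a["method"], user=a["user"])
    return sessions

def flag_algorithms(sessions, watched):
    """Return PIDs whose negotiated enc/mac is in the caller's watch list."""
    return [pid for pid, r in sessions.items()
            if r.get("enc") in watched or r.get("mac") in watched]

if __name__ == "__main__":
    for pid, rec in parse_sessions(SAMPLE).items():
        print(pid, rec)
```
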
