On Mon, Jul 23, 2012 at 4:29 AM, Stefan G. Weichinger <li...@xunil.at> wrote: > > (replying to list as I assume this could interest and/or help other > users as well) > > Peter, Canek, how did you approach syslogs? > > systemd brings its own journal (readable via systemd-journalctl, learned > right now) and so it possible to run the box without syslog-ng or similar. > > archlinux-wiki tells me how to combine things: > > https://wiki.archlinux.org/index.php/Systemd#Systemd_Journal > > but I wonder what your solutions/opinions are so far ...
journald is an interesting idea. It allows you (among other things) to see the messages from a service (and only from that service) in the status command of systemctl: # systemctl status sshd.service sshd.service - SSH Secure Shell Service Loaded: loaded (/etc/systemd/system/sshd.service; enabled) Active: active (running) since Thu, 12 Jul 2012 21:39:03 -0500; 1 weeks and 3 days ago Main PID: 371 (sshd) CGroup: name=systemd:/system/sshd.service └ 371 /usr/sbin/sshd -D Jul 22 18:12:18 negra sshd[11272]: SSH: Server;Ltype: Version;Remote: 192.168.0.100-60763;Protocol: 2.0;Client: OpenSSH_5.9p1-hpn13v11lpk Jul 22 18:12:18 negra sshd[11272]: SSH: Server;Ltype: Kex;Remote: 192.168.0.100-60763;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth] Jul 22 18:12:19 negra sshd[11272]: SSH: Server;Ltype: Authname;Remote: 192.168.0.100-60763;Name: canek [preauth] Jul 22 18:12:22 negra sshd[11272]: Accepted publickey for canek from 192.168.0.100 port 60763 ssh2 Jul 22 18:12:22 negra sshd[11272]: pam_unix(sshd:session): session opened for user canek by (uid=0) Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Version;Remote: 192.168.0.100-35208;Protocol: 2.0;Client: OpenSSH_5.9p1-hpn13v11lpk Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Kex;Remote: 192.168.0.100-35208;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth] Jul 22 21:06:54 negra sshd[11893]: SSH: Server;Ltype: Authname;Remote: 192.168.0.100-35208;Name: canek [preauth] Jul 22 21:06:55 negra sshd[11893]: Accepted publickey for canek from 192.168.0.100 port 35208 ssh2 As far as I know, there is nothing remotely similar in either Upstart nor SysV init. In my laptop and desktop, I could only use journald, but since systemd can be used along with rsyslog/syslog-ng, I still run rsyslog: # systemctl status rsyslog.service rsyslog.service - System Logging Service Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled) Active: active (running) since Thu, 12 Jul 2012 21:39:04 -0500; 1 weeks and 3 days ago Main PID: 388 (rsyslogd) CGroup: name=systemd:/system/rsyslog.service └ 388 /usr/sbin/rsyslogd -n -c5 The reason is only that I actually like to keep my logs, even if for a laptop/desktop is most of the times not necessary. I think the only thing I did to set rsyslog as my logger service was to link the syslog.service file to it: # ll /etc/systemd/system/syslog.service lrwxrwxrwx 1 root root 39 Jan 18 2012 /etc/systemd/system/syslog.service -> /usr/lib/systemd/system/rsyslog.service For my servers journald is cute, but I would never think about removing a "real" logger. So, in short: for servers install a real logger (I recommend rsyslog, although syslog-ng should also work), and for laptop/desktop you *could* do just with journald, but if it makes you feel better (as it does in my case) you can also install a real logger. Now that I think about it, I haven't really looked at my logs neither in my laptop nor desktop in months. I think I could easily remove rsyslog and just have journald; but rsyslog is light enough, and having the logs there gives me a little peace of mind. Regards. -- Canek Peláez Valdés Posgrado en Ciencia e Ingeniería de la Computación Universidad Nacional Autónoma de México