On Mon, Aug 23, 2021, 11:19 Nishant Nayan <nayan.nishant2...@gmail.com> wrote:
> I was using logger command to see if the logs goes to journal, and it > does, it goes both in /var/log/messages (owned by syslog) and journal, how > is it happening? Is it because journal listens to /dev/log ? > Journald listens to /dev/log and writes messages to its .journal files. Then a syslog daemon (rsyslogd or syslog-ng) receives the same messages *from* journald, in one of two ways, and writes them to /var/log/messages: a) The syslog daemon directly reads messages with full metadata from .journal files (e.g. in rsyslogd this is the imjournal module); or b) The syslog daemon listens on a completely separate socket in /run, and journald forwards all messages to that socket (without metadata) using the traditional syslog protocol. The following is from systemd-journald.socket > [Socket] > ListenStream=/run/systemd/journal/stdout > ListenDatagram=/run/systemd/journal/socket > ListenDatagram=/dev/log > > Also can we edit 'systemd-journald.socket ' so as to not listen to > /dev/log ? Just for seeing its behaviour. > I tried by commenting out and removing 'ListenDatagram=/dev/log' and > restarted the socket and journal service, but the logger log is still > displayed in journal > Technically that should work? But don't use it for other reasons except testing, I'd say... Did you systemctl daemon-reload? Is /dev/log a real socket or a symlink? (In later systemd versions it's a symlink and the real socket is in /run.) If it's a real socket, does it get re-created after 'rm'? > > > Nishant > > On Fri, 20 Aug 2021 at 16:43, Mantas Mikulėnas <graw...@gmail.com> wrote: > >> On Fri, Aug 20, 2021 at 2:11 PM Mantas Mikulėnas <graw...@gmail.com> >> wrote: >> >>> On Fri, Aug 20, 2021 at 2:10 PM Nishant Nayan < >>> nayan.nishant2...@gmail.com> wrote: >>> >>>> Regarding the below point : >>>> c) The service prints to stdout/stderr, but systemd attaches the >>>> service's stdout/stderr to a pipe which is read by journald (using >>>> sd_journal_stream_fd(3) from libsystemd). See [Service] StandardOutput= in >>>> systemd.service(5). >>>> >>>> I did not see StandardOutput field in [Service] sections of a service >>>> file, for example sshd.service, but its logs are visible in journalctl. >>>> Is it by default piped to journal and we need to explicitly mention it >>>> (StandardOutput=) only when we want to redirect it somewhere else? >>>> >>> >>> StandardOutput=journal is the default setting. >>> >> >> And, actually, sshd doesn't write its messages to stdout anyway – it uses >> syslog() via /dev/log; most daemons do. >> >> -- >> Mantas Mikulėnas >> >
