Thank you Mantas for the details. How do you currently get the logs "every few seconds"? > Actually we have a script that will be triggered every 10 seconds. That script will run "journalctl -u <service>" and redirect the output to the respective log file. We will run journalctl for around 40-50 services for every 10 seconds and redirect it to the respective log files. That may be a bad idea, but this is how we are collecting logs as of now. We need to separate the logs for every service and that's why we ended up with this implementation.
Ah, ok so StandardOutput:file:<log_file> will allow the service to open the fd and directly connect it to the service stdout. Let me look into journalctl --follow. Any other alternative approaches for the above implementation? Thanks again Mantas. -- Arjun On Mon, Sep 27, 2021 at 11:39 PM Mantas Mikulėnas <graw...@gmail.com> wrote: > > On Mon, Sep 27, 2021 at 1:11 PM Arjun D R <drarju...@gmail.com> wrote: > >> Hi Folks, >> >> Currently we are using systemd-journald for service logging. We run >> journalctl for a bunch of services and redirect those to the custom log >> files for every few seconds. This takes up the CPU for that particular >> time period since we have lot of IO operations as well. We came to know >> that systemd version v236+ supports direct logging >> (StandardOutput:file:<log_file>) to the custom log file by the service. I >> would like to use that facility but we don't get the prefix that we used to >> get when using the journal. >> >> Is there a way to prepare a custom patch locally to add the necessary >> prefix to the stdout before writing to the custom log file? Is that a good >> idea? Any other suggestions? >> > > Probably not easily, as it's not systemd that is writing to the log file – > it's your service process itself that directly gets a FD for the log file > as its stdout. It's not specifically a "direct logging" feature, but rather > just an equivalent to `myservice > log_file`. > > How do you currently get the logs "every few seconds"? Instead of repeated > grabbing, have you tried using `journalctl --follow` to monitor logs > continuously? This should use far less I/O than repeated `journalctl | > tail` which is what it sounds like you're doing. (Wrap in `stdbuf -o0` if > necessary.) > > Alternatively, set up the traditional rsyslogd or syslog-ng – writing to > custom log files is basically what they *do*, and both of them are capable > of receiving logs from journald (either by directly monitoring .journal > files or by having the messages forwarded via socket). > > -- > Mantas Mikulėnas >
