[arch-general] systemd's journal and syslog-ng
On 02/09/2012 03:29 PM, Dave Reisner wrote:
I know I no longer need to run a syslog daemon, but I like my logs in human readable form. So, being an obedient ml reader, I configured my syslog-ng to read from said new socket
unix-dgram("/run/systemd/journal/socket");
instead of the old /dev/log. But since then my logs are incomplete at best. So here are my questions:
- Why are the logs read from /run/systemd/journal/socket incomplete and how do I fix this?
- Why do I even have to change the socket? /dev/log is still there and still works like a charm.
Tobias Frilling <tobias@frilling-online.de> on Wed, 15 Feb 2012 12:35:56 +0100:
/dev/log gives the messages only once. If two processes read from there it's just random which gets which messages. Probably that is why your logs are incomplete. Changing syslog to read from systemd journal's socket should fix this.
--
Best regards,
Chris
O< ascii ribbon campaign
stop html mail - www.asciiribbon.org
To give a few more examples:
With syslog-ng reading journal/socket:
- No logging for cron daemon (fcron)
- No logging at all in log/auth.log
- Only some few kernel messages in log/everything.log
- No logging with logger(1)
The list goes on ...
If somebody still is interested in this, here is my follow-up:
After some digging (it is amazing how little information exists for this, not even a man page for anything journal related) I came to the conclusion that journal/socket is not meant for a logging daemon to read from. Instead journal/syslog should be used (see [1]).
So your service file should look something like this:

[Unit]
Description=System Logger Daemon

[Service]
Sockets=syslog.socket
ExecStartPre=-/bin/systemctl stop systemd-kmsg-syslogd.service
ExecStart=/usr/sbin/syslog-ng -F
ExecReload=/bin/kill -HUP $MAINPID
Sockets=syslog.socket
StandardOutput=null

[Install]
WantedBy=multi-user.target
Alias=syslog.service

And syslog should read from /run/systemd/journal/syslog

[1] http://lwn.net/Articles/474968/
Oh, and syslog should probably not read from /proc/kmsg (see http://lists.freedesktop.org/archives/systemd-devel/2012-January/004310.html)
On 15/02/12, Tobias Frilling <tobias@frilling-online.de> wrote:
What's the difference between this syslog-ng.service file and the one from syslog-ng? Besides the Alias line, you only duplicate the Sockets line which already exists.
--
radio ianux - http://ianux.fr/
On 02/16/2012 07:13 PM, ianux wrote:
Yeah, the duplication was an accident (might have happened out of frustration). My prior setup lacked the journal/syslog socket, so I thought that the service file was missing a Sockets= entry (reading the file might have helped ;-) ). The service file shipped with syslog-ng does the trick, as long as you point the config to journal/syslog.
As for the Alias line, consider this comment from syslog.socket:

# The default syslog implementation should make syslog.service a
# symlink to itself, so that this socket activates the right actual
# syslog service.
#
# Examples:
#
# /etc/systemd/system/syslog.service -> /lib/systemd/system/rsyslog.service
# /etc/systemd/system/syslog.service -> /lib/systemd/system/syslog-ng.service
#
# Best way to achieve that is by adding this to your unit file
# (i.e. to rsyslog.service or syslog-ng.service):
#
# [Install]
# Alias=syslog.service
On 16/02/12, Tobias Frilling <tobias@frilling-online.de> wrote:
The Alias line now makes sense to me. It links syslog-ng.service to syslog.socket which creates /run/systemd/journal/syslog. Thanks for the tip (logging through /run/systemd/journal/socket indeed looks like garbage).
--
radio ianux - http://ianux.fr/
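
An added example, not part of the thread and not code from syslog-ng or systemd: a small Python audit that reads a syslog-ng config and flags the source paths discussed above, with verdicts taken only from the conclusions reached in this thread. The function names and the sample config are constructed for illustration.

```python
import re

# Verdicts encode the conclusions reached in this thread, nothing more.
RULES = {
    "/run/systemd/journal/syslog": ("ok", "socket meant for the syslog daemon"),
    "/run/systemd/journal/socket": ("bad", "not meant for a logging daemon to read"),
    "/dev/log": ("bad", "each message is delivered to only one reader"),
    "/proc/kmsg": ("warn", "syslog should probably not read from it"),
}
SOURCE = re.compile(r'\bsource\s+([\w.-]+)\s*\{')
DRIVER = re.compile(r'\b(unix-dgram|unix-stream|file|pipe)\s*\(\s*"([^"]*)"')

def strip_comments(text):
    """Drop '#' comments, keeping any '#' that sits inside a quoted string."""
    out = []
    for line in text.splitlines():
        quoted = False
        for i, ch in enumerate(line):
            if ch == '"':
                quoted = not quoted
            elif ch == '#' and not quoted:
                line = line[:i]
                break
        out.append(line)
    return "\n".join(out)

def audit(conf):
    """Return (source, driver, path, verdict, reason) per known path read by a source block."""
    text = strip_comments(conf)
    findings = []
    for m in SOURCE.finditer(text):
        depth, end = 1, m.end()
        while end < len(text) and depth:      # walk to the matching '}'
            depth += {"{": 1, "}": -1}.get(text[end], 0)
            end += 1
        for drv, path in DRIVER.findall(text[m.end():end]):
            if path in RULES:                 # destinations are never scanned
                findings.append((m.group(1), drv, path) + RULES[path])
    return findings

# Constructed sample config, not taken from the thread.
SAMPLE = '''
source src {
    unix-dgram("/run/systemd/journal/socket");
    # unix-dgram("/dev/log");
    internal();
    file("/proc/kmsg");
};
destination d_auth { file("/var/log/auth.log"); };
'''

if __name__ == "__main__":
    for name, drv, path, verdict, reason in audit(SAMPLE):
        print(f'[{verdict}] source {name}: {drv}("{path}") - {reason}')
```
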
participants (4): Christian Hesse, Giorgio Lando, ianux, Tobias Frilling