On 2018-05-22 13:52, Per Jessen wrote:
Carlos E. R. wrote:
By the way, I don't recommend using syslog-ng on an openSUSE system that has systemd and journal. The reason is that syslog-ng reads the journal files. If the journal is stopped or disabled, syslog does not work.
Correction: not stopping the journal daemon, but disabling its writing of log files, temporary or permanent.
In the default config that comes with openSUSE, the same applies to rsyslog, Carlos.
No, it doesn't.

cer@minas-tirith:~> journalctl
No journal files were found.
-- No entries --
cer@minas-tirith:~>

Permanent logs:

cer@minas-tirith:~> l /var/log/jou*
ls: cannot access '/var/log/jou*': No such file or directory
cer@minas-tirith:~>

This session logs:

cer@minas-tirith:~> l /run/log/journal
ls: cannot access '/run/log/journal': No such file or directory
cer@minas-tirith:~>
cer@minas-tirith:~> l /run/systemd/journal/
total 4
drwxr-xr-x  3 root root  180 May 19 04:15 ./
drwxr-xr-x 16 root root  400 May 19 04:15 ../
srw-rw-rw-  1 root root    0 May 19 04:15 dev-log=
-rw-r--r--  1 root root    0 May 19 04:15 flushed
-rw-r--r--  1 root root    8 May 19 04:15 kernel-seqnum
srw-rw-rw-  1 root root    0 May 19 04:15 socket=
srw-rw-rw-  1 root root    0 May 19 04:15 stdout=
drwxr-xr-x  2 root root 1320 May 22 14:17 streams/
srw-rw-rw-  1 root root    0 May 19 04:15 syslog=
cer@minas-tirith:~>

But syslog is working:

cer@minas-tirith:~> logger "Hello world"
cer@minas-tirith:~> tail /var/log/messages
<1.5> 2018-05-22 14:16:52 minas-tirith dns-resolver - - - ATTENTION: You have modified /etc/resolv.conf. Leaving it untouched...
<1.5> 2018-05-22 14:16:52 minas-tirith dns-resolver - - - You can find my version in /etc/resolv.conf.netconfig
<0.6> 2018-05-22 14:16:55 minas-tirith kernel - - - [41375.835583] [drm] HPD interrupt storm detected on connector DP-2: switching from hotplug detection to polling
<4.6> 2018-05-22 14:17:50 minas-tirith sshd 24136 - - Accepted publickey for cer from 192.168.1.14 port 39692 ssh2: DSA SHA256:IL5fWYgcmeebsYvfWB41P1Z/+UrPHNRpaw77F/UWRf0
<10.6> 2018-05-22 14:17:50 minas-tirith sshd 24136 - - pam_unix(sshd:session): session opened for user cer by (uid=0)
<4.6> 2018-05-22 14:17:50 minas-tirith systemd-logind 1737 - - New session 51 of user cer.
<3.6> 2018-05-22 14:17:50 minas-tirith systemd 1 - - Started Session 51 of user cer.
<3.6> 2018-05-22 14:19:04 minas-tirith smartd 1631 - - Device: /dev/sda [SAT], SMART Usage Attribute: 194 Temperature_Celsius changed from 56 to 74
<1.5> 2018-05-22 14:20:56 minas-tirith cer - - - Hello world <=================
cer@minas-tirith:~>

What I did was this: in file "/etc/systemd/journald.conf" I set:

[Journal]
Storage=none

Try this with syslog-ng: last time I tried it failed. Documentation explains it:

journald.conf(5)

FORWARDING TO TRADITIONAL SYSLOG DAEMONS

Journal events can be transferred to a different logging daemon in two different ways. With the first method, messages are immediately forwarded to a socket (/run/systemd/journal/syslog), where the traditional syslog daemon can read them. This method is controlled by the ForwardToSyslog= option.

With a second method, a syslog daemon behaves like a normal journal client, and reads messages from the journal files, similarly to journalctl(1). With this, messages do not have to be read immediately, which allows a logging daemon which is only started late in boot to access all messages since the start of the system. In addition, full structured meta-data is available to it. This method of course is available only if the messages are stored in a journal file at all. So it will not work if Storage=none is set. It should be noted that usually the second method is used by syslog daemons, so the Storage= option, and not the ForwardToSyslog= option, is relevant for them.
FYI, syslog-ng & systemd-journald work fine here. On all of our systems. I can only recommend it :-)
Because you keep both logs working. On my laptop, journal has no files, it is disabled, to avoid disk file duplication and load.
IMHO, syslog-ng is so much easier to configure, but ymmv.
Yes, I agree.

-- 
Cheers / Saludos,

Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)
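
Added example, not part of the original thread and not code from systemd, syslog-ng or rsyslog: a small audit check that applies the two forwarding methods quoted from journald.conf(5) to a journald.conf and a syslog daemon config, and reports whether the syslog daemon can still receive messages. The sample configs are constructed; treating syslog-ng's system() source as a journal reader and the forward_default value are assumptions.

```python
import re

# Constructed samples (not taken from any real host).
JOURNALD_NONE = "[Journal]\n#Storage=auto\nStorage=none\nForwardToSyslog=yes\n"
SYSLOG_NG_JOURNAL = "source src { system(); internal(); };\n"
RSYSLOG_SOCKET = 'module(load="imuxsock" SysSock.Name="/run/systemd/journal/syslog")\n'

# Directive -> intake method, using the two methods named in journald.conf(5).
INTAKE_PATTERNS = [
    (r"\bsystemd-journal\s*\(", "journal"),  # syslog-ng: reads journal files
    (r"\bsystem\s*\(\s*\)", "journal"),      # syslog-ng system(): assumed journal on systemd hosts
    (r"\bimjournal\b", "journal"),           # rsyslog: reads journal files
    (r"\bsystemd-syslog\s*\(", "socket"),    # syslog-ng: reads the forwarding socket
    (r"\bimuxsock\b", "socket"),             # rsyslog: reads the forwarding socket
]

def strip_comments(text):
    """Drop whole-line '#' and ';' comments."""
    return "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith(("#", ";")))

def journald_settings(text):
    """Return key -> lower-cased value for the [Journal] section."""
    section, out = None, {}
    for line in strip_comments(text).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Journal" and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip().lower()
    return out

def syslog_intakes(conf_text):
    """Return the set of intake methods the syslog config relies on."""
    body = strip_comments(conf_text)
    return {kind for pat, kind in INTAKE_PATTERNS if re.search(pat, body)}

def receives_messages(journald_text, syslog_text, forward_default="no"):
    """True if at least one configured intake can still deliver messages.
    forward_default is an assumption: the built-in value differs between builds."""
    j = journald_settings(journald_text)
    storage = j.get("Storage", "auto")
    forward = j.get("ForwardToSyslog", forward_default) in ("yes", "true", "1", "on")
    intakes = syslog_intakes(syslog_text)
    ok = ("journal" in intakes and storage != "none") or ("socket" in intakes and forward)
    return ok, sorted(intakes)

if __name__ == "__main__":
    for name, conf in (("syslog-ng", SYSLOG_NG_JOURNAL), ("rsyslog", RSYSLOG_SOCKET)):
        print(name, receives_messages(JOURNALD_NONE, conf))
```

A False result on a host that is expected to ship logs to a collector means the daemon is running but silent, which is worth alerting on before it is needed for an investigation.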