On 2016-03-03 17:59, Anton Aylward wrote:
On 03/03/2016 11:12 AM, Carlos E. R. wrote:
It is very fair. Two weeks, including mail and news and everything:
The point I was trying to make wasn't about the time span but about the method. Having journalctl output *everything* then grepping is the wrong way to do it. Journalctl is managing what amounts to a database; make the database mechanism, the 'indexing', do the work.
In effect you wrote
select * from all tables | grep ....
where I was writing
select 'postfix' or 'fetchmail' or 'fetchnews' from commands ...
That you choose, in your specific config, to have different time spans for journald and /var/log/messages is just being antagonistic and missing the point.
Wait. My point was about the size of the logs, not about how to select entries.

I'm familiar with using databases for log systems: in fact, that was one of my jobs. I worked at a control centre for a telephone network watching reports for issues, which were automatically collected from text logs from several "machines" all over the country and placed into a specific database for analysis and real time alarms (Lucent Network Fault Management (NFM)).

No, my issue with the journal is that the log for 6 days uses 300 MB, while the syslog for more than double that same period uses less than 30MB.

I previously used grep on the log to show that the majority of entries came from mail and news system. And I used grep because I have not found the way to tell journalctl to print simply the entries for one of the "facilities", in this case, "mail".

cer@Telcontar:~> man journalctl | grep facility
cer@Telcontar:~>

--
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
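Added example, not part of the original thread: journald stores the syslog facility number in the SYSLOG_FACILITY field (see systemd.journal-fields(7)), so a field match such as `journalctl SYSLOG_FACILITY=2` selects the "mail" facility, and the sketch below tallies entries and message bytes per facility from `journalctl -o json` output. The sample lines and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Standard syslog facility numbers; journald records them in SYSLOG_FACILITY.
_NAMES = "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split()
FACILITIES = dict(enumerate(_NAMES))
FACILITIES.update({16 + i: f"local{i}" for i in range(8)})

def message_bytes(entry):
    """Size of MESSAGE; non-UTF-8 payloads are exported as a list of byte values."""
    msg = entry.get("MESSAGE")
    if msg is None:
        return 0
    return len(msg) if isinstance(msg, list) else len(msg.encode("utf-8"))

def tally_by_facility(lines):
    """Return {facility: (entry_count, message_bytes)} for `journalctl -o json` lines."""
    totals = defaultdict(lambda: [0, 0])
    for line in lines:
        line = line.strip()
        if not line:
            continue
        entry = json.loads(line)
        raw = entry.get("SYSLOG_FACILITY")
        if raw is None:
            name = "none"            # entry did not arrive with a syslog facility
        else:
            try:
                name = FACILITIES.get(int(raw), str(raw))
            except (TypeError, ValueError):
                name = str(raw)      # keep unexpected values visible
        totals[name][0] += 1
        totals[name][1] += message_bytes(entry)
    return {name: tuple(v) for name, v in totals.items()}

# Constructed sample in the shape of `journalctl -o json` (one object per line).
SAMPLE = [
    '{"SYSLOG_FACILITY":"2","SYSLOG_IDENTIFIER":"postfix/smtpd",'
    '"MESSAGE":"connect from localhost[127.0.0.1]"}',
    '{"SYSLOG_FACILITY":"2","SYSLOG_IDENTIFIER":"fetchmail","MESSAGE":"No mail"}',
    '{"SYSLOG_FACILITY":"7","SYSLOG_IDENTIFIER":"fetchnews","MESSAGE":[111,107,255]}',
    '{"_COMM":"systemd","MESSAGE":"Started Session 1."}',
]

if __name__ == "__main__":
    for name, (count, size) in sorted(tally_by_facility(SAMPLE).items()):
        print(f"{name:10s} entries={count:4d} message_bytes={size}")
```

The byte totals cover only the MESSAGE text, not the per-entry metadata fields and indexes that the journal files also store.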