Am 02.09.2016 um 09:56 schrieb Richard Brown:

On 2 September 2016 at 07:18, Per Jessen wrote:

...

Carlos E. R. wrote:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Hi,

In this machine (13.1) I use rsyslog. Some years ago I used syslog-ng.

I find rsyslog problematic when finding errors in the config file, it fails to point at the exact error.

what do you think is currently better, rsyslog or syslog-ng?

syslog-ng, without a doubt.

agreed, syslog-ng all the way. It's better documented, it's used elsewhere besides just linux, it can better ID message types and categorise them into classes, you can do realtime correlation, it's log files are easier to read, and last but no means least our very own contributor Peter Czanik is the upstream syslog-ng Community Manager so the support in openSUSE is top notch ;)

would syslog-ng give me a textfile like /var/log/messages that I can just look at from time to time? can I just install it with Yast, or do I have to do special settings (for example for compressing old logs etc.)? -- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On 09/02/2016 04:21 AM, Daniel Bauer wrote:

would syslog-ng give me a textfile like /var/log/messages that I can just look at from time to time?

The short answer is yes. The longer answer is that (a) it depends what you mean by "like", and (b) how willing you are to spend time learning, RTFM, reading how-to articles, to get syslog-ng to sing and dance the way you want. Maybe, just maybe, your expectations are low. In which case you want care that it can do things that you've never considered before and what may be of great benefit to you, automation your work and so forth in ways you never dreamt of. Who knows? In the dim mists of times long past one of the most useful programs to me as a pupal sysadmin was a tool called 'swatch'. This was long before the Swiss watch company of that name with the colourful bands. It was a Perl script that watched the output of the old, vanilla, under-equipped syslog. It could be configured to watch for any event or series of events occurring in a time period or sequence and notify you by email, writing to your console or even LO! by sending a message to your pager. This was in the days before cell phones and SMS. When they came along there was an upgrade for SMS :-) It even had what Marcus Ranum termed 'artificial ignorance' - it could ignore the stuff you deemed 'noise'. And lets face it, if you knew Perl you knew that its scanners and RE matching was so much better than the shell and grep! And faster and ... well, just Better! But now its irrelevant. There's syslog and there's syslog-ng. If you aren't interested in what syslog-ng can do that makes things like swatch irrelevant because syslog-ng can be configured to do it all, then stick with the vanilla 'syslog'. Why am I saying this? Regular readers will recall that I'm into amateur (that is, I don't get paid for it, no matter the quality) photography. I have been since my mid teens. I've owned many cameras; I've followed their technological evolution. I've been using SLRs for longer than I've been using *NIX. Sometimes I'm out and about and I meet professionals and discuss technique; yes they have good, often leading edge equipment, but that's incidental - being professionals they (a) need it and (b) can pay for it as a business expense. But we talk technique not technology. Then I meet the people with more money than sense. They buy expensive, complicated cameras and clearly don't know how to configure them - heck that might involve reading the manual and that's not !FUN! If you do talk to them they speak of the cost of their equipment and how great it is and how its so much better than my ("antiquated") stuff, how many meagpixels they have, how many lenses they have. I try not to deal with these people. All they have is very very expensive, very overpowered point-and-shoot. If all you need is the basic "point and sheet' level of technology then don't get something more complicated, more complex, more configurable than you need unless you are willing to invest in learning about it and making use of its capability. It will be a frustration for you. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On 2016-09-02 09:56, Richard Brown wrote:

On 2 September 2016 at 07:18, Per Jessen wrote:

...

Carlos E. R. wrote:

...

Hi,

In this machine (13.1) I use rsyslog. Some years ago I used syslog-ng.

I find rsyslog problematic when finding errors in the config file, it fails to point at the exact error.

what do you think is currently better, rsyslog or syslog-ng?

syslog-ng, without a doubt.

agreed, syslog-ng all the way. It's better documented, it's used elsewhere besides just linux, it can better ID message types and categorise them into classes, you can do realtime correlation, it's log files are easier to read, and last but no means least our very own contributor Peter Czanik is the upstream syslog-ng Community Manager so the support in openSUSE is top notch ;)

Then I'll try it again in 42.2, and probably switch back to it. For some reason, rsyslog was the default on openSUSE some years back, that's the reason I have it. And it's given me problems. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

On Friday, 2 September 2016 15:29:51 BST Carlos E. R. wrote:

On 2016-09-02 15:05, Carlos E. R. wrote:

...

Then I'll try it again in 42.2, and probably switch back to it.

I just did. I was very surprised that when I started it, it logged all messages since boot. It must have queried the systemd journal, instead of starting logging messages since the instant it starts to run. I think both syslog and rsyslog have been updated to query the journal database. I think the config option in systemd to forward logs to syslog is not longer set to do it automatically, i think they are going to drop the option

-- Qt: 5.6.1 KDE Frameworks: 5.25.0 kf5-config: 1.0 KDE Plasma: 5.7.4 Kernel: 4.7.2-1-default opensuse:tumbleweed:20160831 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

After a restart /var/log/messages was created and filled with actual and even very old data. So everything ok. Sorry. Am 02.09.2016 um 20:37 schrieb Daniel Bauer:

Am 02.09.2016 um 15:29 schrieb Carlos E. R.:

...

On 2016-09-02 15:05, Carlos E. R. wrote:

...

Then I'll try it again in 42.2, and probably switch back to it.

I just did. I was very surprised that when I started it, it logged all messages since boot. It must have queried the systemd journal, instead of starting logging messages since the instant it starts to run.

hm. I did it, too, but probably I did something wrong: my /var/log/messages (and the other files there that were created after the install) are all 0 bytes.

I remember that when installing syslog-ng Yast told me something about a conflict with some system-logging program that it wanted to remove, and I accepted. Maybe I shouldn't... (I don't remember exactly what it removed, but my /var/log/zypp/history files says: remove |systemd-logger|210-95.1|x86_64|... )

What did I do wrong? How can I repair it?

Daniel

(For the other messages here: I am not at systems analyzer and most things in those logs are chinese to me. But sometimes - in very rare cases - I took a look what is going on, and sometimes I found some anomalities. As much as I know, in the current binary version of the logs I first must know what I am looking for and make a query, but I never know: I just scroll thru the list and see if there's something "suspicious". A /very/ amateur approach, I know. )

-- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Carlos E. R. wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

On 2016-09-02 20:47, Daniel Bauer wrote:

...

After a restart /var/log/messages was created and filled with actual and even very old data. So everything ok. Sorry.

Next step is stopping systemd keeping the journal. There are settings for this which I'll have to find out again.

It used to be just "rm -Rf /var/log/journal", but that is now (Leap421) living in /run/log which is a tmpfs. The size is limited, so there's probably no need to do anything. -- Per Jessen, Zürich (19.2°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On Sat, Sep 03, Carlos E. R. wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

On 2016-09-02 20:47, Daniel Bauer wrote:

...

After a restart /var/log/messages was created and filled with actual and even very old data. So everything ok. Sorry.

Next step is stopping systemd keeping the journal. There are settings for this which I'll have to find out again.

Arrggghhh. syslog-ng may "conflict" with systemd-journald, but that seems..odd. Insofar as I've just discovered syslog-ng rather depends on a running systemd-journald in order to get any messages. I had enabled & started syslog-ng, and disabled & stopped systemd-journal. Today I notice that I have nothing except stats() in /var/log/messages. Everything else stopped at the same point where I turned off systemd-journald... So it seems not so much either/or as "would you like us to scribble the messages in the old-fashioned way to /var/log AS WELL?" If someone from SuSE knows definitively if this is How It Works, clarification would be welcome. TIA, Michael -- Michael Fischer michael@visv.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On Tue, Sep 06, Carlos E. R. wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Content-ID:

El 2016-09-06 a las 14:12 -0400, Michael Fischer escribió:

...

On Sat, Sep 03, Carlos E. R. wrote:

...

...

Next step is stopping systemd keeping the journal. There are settings for this which I'll have to find out again.

Arrggghhh.

syslog-ng may "conflict" with systemd-journald, but that seems..odd.

Insofar as I've just discovered syslog-ng rather depends on a running systemd-journald in order to get any messages. I had enabled & started syslog-ng, and disabled & stopped systemd-journal. Today I notice that I have nothing except stats() in /var/log/messages. Everything else stopped at the same point where I turned off systemd-journald...

Oh :-((

...

So it seems not so much either/or as "would you like us to scribble the messages in the old-fashioned way to /var/log AS WELL?"

If someone from SuSE knows definitively if this is How It Works, clarification would be welcome.

Have you tried to leave systemd-journal running, but with the

Storage=none

setting? (in /etc/systemd/journald.conf)

Hmm. No, but that's a thought. $ du -sh /var/log/journal 41M /var/log/journal/69c54807c3cb473b82a49c7b7e022c37 Is not all that bad, actually. But.... Ok, just tried it, making sure that ForwardToSyslog=yes Storage=none And after the ritual `systemctl daemon-reload; systemctl restart systemd-journald.service` .... `logger -p LOCAL4.INFO "test message"` goes nowhere. So I'm either misunderstanding journald.conf(5), or the line in there which says """ "none" turns off all storage, all log data received will be dropped. Forwarding to other targets, such as the console, the kernel log buffer or a syslog daemon will still work however. """ is lying. Michael -- Michael Fischer michael@visv.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Andrei Borzenkov wrote:

Not really. It depends on how syslog-ng gets messages from journald. If it is configured as journald client (as opposed to listening on socket) then it can only get messages that had been stored.

The default config uses "system()" which almost certainly means /dev/log. -- Per Jessen, Zürich (12.7°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2016-09-07 a las 16:07 +0300, Andrei Borzenkov escribió:

Отправлено с iPhone

When journald is active, it takes over /dev/log and forwards messages over alternate socket; syslog daemon must be explicitly configured to listen to this alternate socket.

From syslog-ng system() documentation:

If the host is running under systemd, syslog-ng OSE reads directly from the systemd journal file using the systemd-journal() source.--

Just what I thought and I do not like. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfQHNEACgkQja8UbcUWM1x4yQD5AVrRtsvVa+sWg0YqFDP0sLIc nO8qxc+qWHkY4BtHdToA+wf1bX3VqT6PZYkRzR8wGyJHtkQblqdyHBHMZPW2kij0 =nZFk -----END PGP SIGNATURE-----

Michael Fischer wrote:

On Wed, Sep 07, Andrei Borzenkov wrote:

...

Отправлено с iPhone

...

7 сент. 2016 г., в 9:08, Per Jessen написал(а):

Andrei Borzenkov wrote:

...

Not really. It depends on how syslog-ng gets messages from journald. If it is configured as journald client (as opposed to listening on socket) then it can only get messages that had been stored.

The default config uses "system()" which almost certainly means /dev/log.

When journald is active, it takes over /dev/log and forwards messages over alternate socket; syslog daemon must be explicitly configured to listen to this alternate socket.

From syslog-ng system() documentation:

If the host is running under systemd, syslog-ng OSE reads directly from the systemd journal file using the systemd-journal() source.--

Aha. That was the pointer I was looking for. Interestingly, this seems to happen "under the hood": the strings "systemd" and "journal" appear nowhere under /etc/syslog-ng nor in /etc/sysconfig/syslog.

In syslog-ng, I think the system() source does it all for you. There is some documentation though: https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-o... -- Per Jessen, Zürich (22.8°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On September 7, 2016 10:20:57 AM PDT, "Carlos E. R." wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

El 2016-09-07 a las 10:38 -0400, Michael Fischer escribió:

...

On Wed, Sep 07, Andrei Borzenkov wrote:

...

...

If the host is running under systemd, syslog-ng OSE reads directly from the systemd journal file using the systemd-journal() source.--

Aha. That was the pointer I was looking for. Interestingly, this seems to happen "under the hood": the strings "systemd" and "journal" appear nowhere under /etc/syslog-ng nor in /etc/sysconfig/syslog.

At this point I'm going to make a note not to disable systemd-journald, nor to set its Storage=none, and leave it like Per said: "just works".

I think you should limit the size, because it uses tmpfs to store the temporary journal.

That's true, and tmpfs is backed by disk if I'm not mistaken. But also people should look at setting the various MaxLevel logging levels down in journals.conf. This might make more sense than tight limits. KDE is especially egregious at logging every little thing at the warning level. Almost none of that chatter is useful to anyone, and could go out at debug level, or even info. But the defaults are set such that all this chatter accumulates on disk.

- -- Cheers Carlos E. R.

(from 13.1 x86_64 "Bottle" (Minas Tirith))

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)

iF4EAREIAAYFAlfQTHkACgkQja8UbcUWM1yWCAD/drwGVXA6rOlPujlah6HXe791 zzl+4d1OPJ0HKOz4Oe0A/ixvsbjK+CZ2MKxLZUAMYm8+VKo7JFesnxnwzFtKQDDG =TJtX -----END PGP SIGNATURE-----

-- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Carlos E. R. wrote:

El 2016-09-07 a las 10:38 -0400, Michael Fischer escribió:

...

On Wed, Sep 07, Andrei Borzenkov wrote:

...

...

If the host is running under systemd, syslog-ng OSE reads directly from the systemd journal file using the systemd-journal() source.--

Aha. That was the pointer I was looking for. Interestingly, this seems to happen "under the hood": the strings "systemd" and "journal" appear nowhere under /etc/syslog-ng nor in /etc/sysconfig/syslog.

At this point I'm going to make a note not to disable systemd-journald, nor to set its Storage=none, and leave it like Per said: "just works".

I think you should limit the size, because it uses tmpfs to store the temporary journal.

I have never had a need to do that, in fact I've never even considered it :-). According to the stats: Leap422 on a 1Gb xen guest: Sep 04 18:08:44 linux systemd-journald[281]: Runtime journal (/run/log/journal/) is currently using 6.1M. Maximum allowed usage is set to 49.4M. Leaving at least 74.1M free (of currently available 487.8M of space).... Leap422 on a 4Gb desktop: Sep 07 09:08:29 linux systemd-journald[385]: Runtime journal (/run/log/journal/) is currently using 8.0M. Maximum allowed usage is set to 182.8M. Leaving at least 274.2M free (of currently available 1.7G of space).... I assume the "Maximum allowed usage" is correct. -- Per Jessen, Zürich (15.4°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Carlos E. R. wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

El 2016-09-08 a las 08:23 +0200, Per Jessen escribió:

...

Carlos E. R. wrote:

...

...

I think you should limit the size, because it uses tmpfs to store the temporary journal.

I have never had a need to do that, in fact I've never even considered it :-). According to the stats:

Leap422 on a 1Gb xen guest: Sep 04 18:08:44 linux systemd-journald[281]: Runtime journal (/run/log/journal/) is currently using 6.1M. Maximum allowed usage is set to 49.4M. Leaving at least 74.1M free (of currently available 487.8M of space)....

What was the command to find out...?

Sorry, should have mentioned it: systemctl status systemd-journald

Before I defined limits, it was about half a gigabyte, because of the nntp and mail logs.

On one of our typical production system, I have mail logs of 400Mb per day. -- Per Jessen, Zürich (24.0°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Carlos E. R. wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

El 2016-09-06 a las 15:42 -0400, Michael Fischer escribió:

...

On Tue, Sep 06, Carlos E. R. wrote:

...

...

Have you tried to leave systemd-journal running, but with the

Storage=none

setting? (in /etc/systemd/journald.conf)

Hmm. No, but that's a thought.

$ du -sh /var/log/journal 41M /var/log/journal/69c54807c3cb473b82a49c7b7e022c37

Is not all that bad, actually. But....

Ok, just tried it, making sure that

ForwardToSyslog=yes Storage=none

And after the ritual `systemctl daemon-reload; systemctl restart systemd-journald.service` .... `logger -p LOCAL4.INFO "test message"` goes nowhere.

So I'm either misunderstanding journald.conf(5), or the line in there which says

""" "none" turns off all storage, all log data received will be dropped. Forwarding to other targets, such as the console, the kernel log buffer or a syslog daemon will still work however. """

is lying.

No, I don't think so. It depends how syslog-ng takes the messages. If it does something similar to read the log file (and I think it does) it will see nothing.

I think it reads the files because I started syslog-ng hours after booting, and still got boot messages.

This is a pity... I don't like it. I may stay with rsyslog instead.

They both get their messages from the same places - /dev/log and /proc/kmsg. (that's where your kernewl messages came from). -- Per Jessen, Zürich (12.9°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On Sat, Sep 03, Carlos E. R. wrote:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

On 2016-09-02 20:47, Daniel Bauer wrote:

...

After a restart /var/log/messages was created and filled with actual and even very old data. So everything ok. Sorry.

Next step is stopping systemd keeping the journal. There are settings for this which I'll have to find out again.

Arrggghhh.

syslog-ng may "conflict" with systemd-journald, but that seems..odd.

Insofar as I've just discovered syslog-ng rather depends on a running systemd-journald in order to get any messages. I had enabled & started syslog-ng, and disabled & stopped systemd-journal. Today I notice that I have nothing except stats() in /var/log/messages. Everything else stopped at the same point where I turned off systemd-journald...

So it seems not so much either/or as "would you like us to scribble the messages in the old-fashioned way to /var/log AS WELL?"

If someone from SuSE knows definitively if this is How It Works, clarification would be welcome. There used to be a config option in systemd to forward all logs to syslog/ rsyslog. You can try find that setting but they were going to deprecate the

On Tuesday, 6 September 2016 14:12:31 BST Michael Fischer wrote: option because rsyslog/syslog extract the data from the jounral themselves now.

TIA,

Michael

-- Qt: 5.6.1 KDE Frameworks: 5.25.0 kf5-config: 1.0 KDE Plasma: 5.7.4 Kwin5: 5.7.4-152.2 Kernel: 4.7.2-1-default opensuse:tumbleweed:20160901 Nouveau: 1.0.12-1.4 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Content-ID: El 2016-09-07 a las 09:42 +0200, Per Jessen escribió:

ianseeks wrote:

...

There used to be a config option in systemd to forward all logs to syslog/ rsyslog. You can try find that setting but they were going to deprecate the option because rsyslog/syslog extract the data from the jounral themselves now.

Yep - that option is either gone, on by default or as you say, not needed. When you install either log-daemon, it just works.

But the way it "just works" by default is by reading the log files, which means that there is a delay. First systemd processes the entries, writes them to file, them syslog gets them, processes them, and writes them. Not simultaneously. If systemd has problems, syslog will also have them. Another test will be culling the messages that systemd gets, and then checking if syslog gets them all or only the culled messages. /etc/systemd/journald.conf MaxLevelStore=info - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfP93oACgkQja8UbcUWM1zPCgD+MSxVJsGhx5Ny6gZ/alY5rvMw 7ZvCUQxnkxHvG8wIeqUBAJGqf+tbLJtFJZ6o59WA7NHdqQ+9/l4fnw9pZDMTr8/c =DlCl -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2016-09-02 20:37, Daniel Bauer wrote:

Am 02.09.2016 um 15:29 schrieb Carlos E. R.:

...

On 2016-09-02 15:05, Carlos E. R. wrote:

...

Then I'll try it again in 42.2, and probably switch back to it.

I just did. I was very surprised that when I started it, it logged all messages since boot. It must have queried the systemd journal, instead of starting logging messages since the instant it starts to run.

hm. I did it, too, but probably I did something wrong: my /var/log/messages (and the other files there that were created after the install) are all 0 bytes.

Because the syslog service gets enabled, not started. Perhaps a bug? Dunno. So either reboot, or start it manually.

(For the other messages here: I am not at systems analyzer and most things in those logs are chinese to me. But sometimes - in very rare cases - I took a look what is going on, and sometimes I found some anomalities. As much as I know, in the current binary version of the logs I first must know what I am looking for and make a query, but I never know: I just scroll thru the list and see if there's something "suspicious". A /very/ amateur approach, I know. )

You can simply do "journalctl | less -S" and you get the entire log in text form. The problem is that if the log is persistent and you use rotating disks, the operation is slow. Like half an hour. Another problem, for me, is that even without permanent systemd journal the space used in ram and disk is very large, because some services I use are very, very talkative, filling gigabytes of text. It is not possible, AFAIK, to tell the journal to purge certain classes of messages to devnull and keep the rest. With any syslog daemon that is trivial. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfKGvoACgkQja8UbcUWM1xOHwEAoKgJNPbpA3fhu3WM6ArBKtTS tHg/cfP9mxZL9VU/O24A+QH6AUZSaak3+bWo/aWw1dIJFJpzIiO83x4UuCqT2jAj =tbK4 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On Fri, Sep 02, Anton Aylward wrote:

On 09/02/2016 09:05 AM, Carlos E. R. wrote:

...

For some reason, rsyslog was the default on openSUSE some years back, that's the reason I have it. And it's given me problems.

If rsyslog gave you problems, what makes you think the more complex, more advanced syslog-ng wont?

Speaking personally, the config syntax for -ng is *far* nicer to work with, irrespective of whether I'm shooting for something "complex" or simple. Oh, Carlos, as I just went through this exercise this morning... be prepared for huge amounts of systemd spam in /var/log/messages. See http://www.linuxquestions.org/questions/fedora-35/systemd-log-flood-session-... as just one example I found out there. Lots of bad "just filter it" answers out there, on that and other threads, but page two of the above seems to have figured out the appropriate workaround: `sudo loginctl enable-linger root`. Quoting the hypothesis from the above, and trying it now: "Systemd is running a per-user systemd for root whenever a session is started, e.g. to run a cron job. Then when root’s last session is closed, the per-user systemd is killed. The spew of log messages has to do with the the spawning and killing of that per-user systemd." Michael -- Michael Fischer michael@visv.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Michael Fischer wrote:

On Fri, Sep 02, Anton Aylward wrote:

...

On 09/02/2016 09:05 AM, Carlos E. R. wrote:

...

For some reason, rsyslog was the default on openSUSE some years back, that's the reason I have it. And it's given me problems.

If rsyslog gave you problems, what makes you think the more complex, more advanced syslog-ng wont?

Speaking personally, the config syntax for -ng is *far* nicer to work with,

I second that. That is probably my top reason for using syslog-ng. -- Per Jessen, Zürich (26.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Anton Aylward wrote:

On 09/02/2016 10:53 AM, Michael Fischer wrote:

...

On Fri, Sep 02, Anton Aylward wrote:

...

On 09/02/2016 09:05 AM, Carlos E. R. wrote:

...

For some reason, rsyslog was the default on openSUSE some years back, that's the reason I have it. And it's given me problems.

If rsyslog gave you problems, what makes you think the more complex, more advanced syslog-ng wont?

Speaking personally, the config syntax for -ng is *far* nicer to work with, irrespective of whether I'm shooting for something "complex" or simple.

Speaking as someone who is very CLI oriented and tends to edit config files by hand rather than use YAST or some other configuration management tool specific to such things, ... well, that's a consideration.

But if you're a more normal, regular user who doesn't have this obsession that Thee and Mee seem to have,

A "more normal, regular user" is hopefully quite happy with the current openSUSE default (of having no syslog daemon). -- Per Jessen, Zürich (26.0°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On 09/02/2016 12:35 PM, Per Jessen wrote:

A "more normal, regular user" is hopefully quite happy with the current openSUSE default (of having no syslog daemon).

I can't argue with that! :-) -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On 2016-09-02 16:36, Anton Aylward wrote:

On 09/02/2016 09:05 AM, Carlos E. R. wrote:

...

For some reason, rsyslog was the default on openSUSE some years back, that's the reason I have it. And it's given me problems.

If rsyslog gave you problems, what makes you think the more complex, more advanced syslog-ng wont?

That's what I'm going to try :-) The main problem is that rsyslog, when it finds a syntax error, does not point to the token in error, not says the exact type of error. It just says the line, and with line continuation (\) this can be anywhere in thirty lines in my setup. I have to remove all of them and re-add one by one till I find the bad one. Remember I said I used syslog-ng years ago. I still have backups of my files. At least this one. :-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

On 09/02/2016 11:37 AM, Per Jessen wrote:

Anton Aylward wrote:

...

On 09/02/2016 09:05 AM, Carlos E. R. wrote:

...

For some reason, rsyslog was the default on openSUSE some years back, that's the reason I have it. And it's given me problems.

If rsyslog gave you problems, what makes you think the more complex, more advanced syslog-ng wont?

What makes you think syslog-ng is more complex, Anton? I distinctly remember a few years back when openSUSE switched to rsyslog. I tried to get rsyslog to write timestamps in the ISO8601 format. In syslog-ng it was just add "ts_format(iso)" to the main options, I don't remember if I ever worked it out in rsyslog :-)

You've just answered the question. Other posts to this thread answer it. The -ng can do more, is more capable * it has better 'human oriented functions' * it handles a more readable, understandable, less machine oriented config * it has better error handling, for example of errors in the config * it can do things that rsyslog couldn't I'm not saying that a batter architectural model, one more understandable and perhaps more easily maintained because of that is always less complex, but my expeince is that more code and more maintenance and more time/entropy doesn't help. I've seen some applications, for example, that were large enough in C and when recoded in C++ the number of lines dropped dramatically, but that didn't mean it was more understandable to someone meeting it for the first time. FORTH and APL have been termed 'write only languages' because they are understandable only by the author; yes anyone can write code like that but some languages lend themselves to it more so - in my opinion C++ is one. But that's beside the point when the re-architecting adds complexity. And the simplicity of the UI is no measure of the simplicity of the code. Some of the nicest, most user-oriented GUI applications are a horrible mess of event handling spaghetti. Yes I prefer -ng. Yes I prefer something I can manage, so long as I'm not expected to code it or maintain the code. Long gone are the days when the UNIX Guru knew all the code on the system, the kernel, the shell, ed and more. So much of Linux is one person or one team dealing with one application or subsystem. The time for generalist code-jockeys is long gone; they'd be drowned in the sheer volume. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org