LinuxBBQ

Posted: **Mon Jun 09, 2014 10:37 am**

This recipe assumes you're using systemd; more information:
http://linuxbbq.org/bbs/viewtopic.php?f=19&t=1246

Journald:
- It logs Everything and his mother (Linus's thoughts)
- Stores logs in binary format (Lord Lennart's Lithurgy)

Here we'll address both, while keeping systemd.

Install the regular syslog service:

Code: Select all

# apt-get install syslog-ng logrotate

Configs:

Code: Select all

/etc/syslog-ng/syslog-ng.conf
------
source src {
  system();
  internal();
};

Disable the persistent journal:

Code: Select all

# rm -rf /var/log/journal

Enable syslog-ng:

Code: Select all

# systemctl enable syslog-ng
# systemctl start syslog-ng

Now you should see a socket, where journalctl redirects output to syslog:

Code: Select all

$ ls -l /run/systemd/journal
srw-rw-rw- 1 root root 0 Jun  9 04:54 syslog

Check it's all working:

Code: Select all

# cat /var/log/messages.log 
Jun  9 04:54:12 localhost systemd[1]: Listening on Syslog Socket.
Jun  9 04:54:12 localhost systemd[1]: Starting System Logger Daemon...
Jun  9 04:54:12 localhost systemd[1]: Started System Logger Daemon.

This leaves the volatile journal, which logs stuff not passed to syslog:

man journald.conf wrote:Storage=
"none" turns off all storage, all log data received will be dropped. Forwarding to other targets, such as the console, the kernel log buffer or a syslog daemon will still work however. Defaults to "auto".

Note: this affects the journalctl and systemctl commands.

Code: Select all

/etc/journald.conf
------
Storage=none

Logging can be limited further:

man journald.conf wrote:By default, only forwarding to syslog and wall is enabled. (...) MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=, MaxLevelConsole=, MaxLevelWall=

As argument, takes one of "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug" or integer values in the range of 0..7 (corresponding to the same levels). Messages equal or below the log level specified are stored/forwarded, messages above are dropped.

For example:

Code: Select all

/etc/journald.conf
------
MaxLevelSyslog=info

Experience reports welcome. :D

Posted: **Mon Jun 09, 2014 12:58 pm**

Thanks, alad. I may not try doing it now, but it may come in handy.

Tim

PS - I am ratcheer on the irc channel.

Posted: **Thu Sep 04, 2014 8:19 pm**

If you're on a non-systemd system and have to look at the binary logs, you can use strings to decipher them (apparently, the message text remains unaltered):

Code: Select all

strings /var/log/journal/<lotsofnumbers> | grep <stuff>

PS: systemd updates may re-enable a persistent journal also.

Posted: **Thu Sep 04, 2014 9:03 pm**

^ Yeah last Arch update showed that :) Many auto enabled items. Even does NM' ish stuff in it now, so no need for extras to connect to the internet. Which I think is handy.
Doublebladed sword, so please no flame war. Interesting stuff though.

simon

LinuxBBQ

Lennart's Lemmings: Disable systemd binary logs

Lennart's Lemmings: Disable systemd binary logs

Re: Lennart's Lemmings: Disable systemd binary logs

Re: Lennart's Lemmings: Disable systemd binary logs

Re: Lennart's Lemmings: Disable systemd binary logs