Lennart's Lemmings: Disable systemd binary logs

Forum rules
Share your brain ;)
User avatar
Alad
should take a shower
Posts: 447
Joined: Wed May 21, 2014 12:52 am

Lennart's Lemmings: Disable systemd binary logs

Unread post by Alad » Mon Jun 09, 2014 10:37 am

This recipe assumes you're using systemd; more information:
http://linuxbbq.org/bbs/viewtopic.php?f=19&t=1246

Journald:
- It logs Everything and his mother (Linus's thoughts)
- Stores logs in binary format (Lord Lennart's Lithurgy)

Here we'll address both, while keeping systemd.

Install the regular syslog service:

Code: Select all

# apt-get install syslog-ng logrotate
Configs:

Code: Select all

/etc/syslog-ng/syslog-ng.conf
------
source src {
  system();
  internal();
};
Disable the persistent journal:

Code: Select all

# rm -rf /var/log/journal
Enable syslog-ng:

Code: Select all

# systemctl enable syslog-ng
# systemctl start syslog-ng
Now you should see a socket, where journalctl redirects output to syslog:

Code: Select all

$ ls -l /run/systemd/journal
srw-rw-rw- 1 root root 0 Jun  9 04:54 syslog
Check it's all working:

Code: Select all

# cat /var/log/messages.log 
Jun  9 04:54:12 localhost systemd[1]: Listening on Syslog Socket.
Jun  9 04:54:12 localhost systemd[1]: Starting System Logger Daemon...
Jun  9 04:54:12 localhost systemd[1]: Started System Logger Daemon.
This leaves the volatile journal, which logs stuff not passed to syslog:
man journald.conf wrote:Storage=
"none" turns off all storage, all log data received will be dropped. Forwarding to other targets, such as the console, the kernel log buffer or a syslog daemon will still work however. Defaults to "auto".
Note: this affects the journalctl and systemctl commands.

Code: Select all

/etc/journald.conf
------
Storage=none
Logging can be limited further:
man journald.conf wrote:By default, only forwarding to syslog and wall is enabled. (...) MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=, MaxLevelConsole=, MaxLevelWall=

As argument, takes one of "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug" or integer values in the range of 0..7 (corresponding to the same levels). Messages equal or below the log level specified are stored/forwarded, messages above are dropped.
For example:

Code: Select all

/etc/journald.conf
------
MaxLevelSyslog=info
Experience reports welcome. :D
It's funny how we used to be able to do real stuff with rudimentary computers, but now we can't. -- ratcheer

User avatar
RandomCharacter
Gangbanger
Posts: 323
Joined: Thu Aug 15, 2013 5:25 pm

Re: Lennart's Lemmings: Disable systemd binary logs

Unread post by RandomCharacter » Mon Jun 09, 2014 12:58 pm

Thanks, alad. I may not try doing it now, but it may come in handy.

Tim

PS - I am ratcheer on the irc channel.

User avatar
Alad
should take a shower
Posts: 447
Joined: Wed May 21, 2014 12:52 am

Re: Lennart's Lemmings: Disable systemd binary logs

Unread post by Alad » Thu Sep 04, 2014 8:19 pm

If you're on a non-systemd system and have to look at the binary logs, you can use strings to decipher them (apparently, the message text remains unaltered):

Code: Select all

strings /var/log/journal/<lotsofnumbers> | grep <stuff>
PS: systemd updates may re-enable a persistent journal also.
It's funny how we used to be able to do real stuff with rudimentary computers, but now we can't. -- ratcheer

User avatar
simgin
Meme Fodder
Posts: 1167
Joined: Sun Jan 06, 2013 12:07 am
Location: Bradford-on-Avon, UK

Re: Lennart's Lemmings: Disable systemd binary logs

Unread post by simgin » Thu Sep 04, 2014 9:03 pm

^ Yeah last Arch update showed that :) Many auto enabled items. Even does NM' ish stuff in it now, so no need for extras to connect to the internet. Which I think is handy.
Doublebladed sword, so please no flame war. Interesting stuff though.

simon
Someone told me that I am delusional, I almost fell off my unicorn.

Post Reply