On Feb 27, 2014, at 12:28 PM, Lars E. Pettersson <lars(a)homer.se&gt; wrote: > On 02/26/14 19:23, lee wrote: >> What is the purpose of this log duplication? When systemd has its own >> logs, it doesn´t seem necessary to duplicate them by sending their >> contents to syslogd. > > One could also ask why systemd duplicates the logging formerly only done by syslogd. This has been answered many times already, it's an old argument.

> For me looking through my ASCII-based text-logs created by syslogd is far faster than using journalctl. Things that takes over 25 minutes with journalctl, only takes 66 seconds grepping the syslogd logs. (see bug 1047719, that no-one seems to care about) Why are the logs so large? Each log file I have is either 8MB, 16MB, or maximum 24MB. So somehow yours are getting very large before they are turned over. Also do you normally search all logs for all time? Or are you searching in the most recent boot? You can use journalctl -b -1 to search the last boot, -2 the one before that. It can be done using --since with a date to encompass multiple boots yet not all boots. There is also -u to filter by unit. If you have journalctl do some filtering in advance then not so much stuff is dumped into grep to filter.

> ASCII-based logs can be read by anybody using any editor. To read the journal you need journalctl, or similar program, as the journal is binary and not readily readable. It's fine to want plain logs but that is a subset of the amount of information the journal can only retain with binary including checksumming so the logs can be verified, and universal time/date stamping that causes journalctl to report the even in local time even if the server is not local, the list of things that can be done are unlimited. So the superset log is a necessity in any case and if the plain text rsyslog is meeting your needs then why would you bother with journalctl at all?

> Another reason is that there still exist programs/daemons/etc. that rely on the logs in /var/log. > > If you do not like syslogd, well F20 does not ship it anymore… I think the repo has both rsyslog and syslog-ng.

"Lars E. Pettersson" <lars(a)homer.se&gt; writes: > On 02/26/14 19:23, lee wrote: >> What is the purpose of this log duplication? When systemd has its own >> logs, it doesn´t seem necessary to duplicate them by sending their >> contents to syslogd. > > One could also ask why systemd duplicates the logging formerly only > done by syslogd. > > For me looking through my ASCII-based text-logs created by syslogd is > far faster than using journalctl. Things that takes over 25 minutes > with journalctl, only takes 66 seconds grepping the syslogd logs. (see > bug 1047719, that no-one seems to care about) > > ASCII-based logs can be read by anybody using any editor. To read the > journal you need journalctl, or similar program, as the journal is > binary and not readily readable. > > Another reason is that there still exist programs/daemons/etc. that > rely on the logs in /var/log. > > If you do not like syslogd, well F20 does not ship it anymore... What I don´t like is unnecessary double logging and hidden log files that cannot be read without special software, like binary ones. How do I disable these binary logs and have everything logged with syslogd?

How do they think users will ever get a working system with no logging and not even an mta installed?

On 02/26/14 19:23, lee wrote: > What is the purpose of this log duplication? When systemd has its own > logs, it doesn´t seem necessary to duplicate them by sending their > contents to syslogd. One could also ask why systemd duplicates the logging formerly only done by syslogd. For me looking through my ASCII-based text-logs created by syslogd is far faster than using journalctl. Things that takes over 25 minutes with journalctl, only takes 66 seconds grepping the syslogd logs. (see bug 1047719, that no-one seems to care about) ASCII-based logs can be read by anybody using any editor. To read the journal you need journalctl, or similar program, as the journal is binary and not readily readable. Another reason is that there still exist programs/daemons/etc. that rely on the logs in /var/log. If you do not like syslogd, well F20 does not ship it anymore...

The syslog daemon writes whatever systemd sends to it. On one of my systems systemd decided to send the whole systemd journal to the syslog daemon, by doing so starting to write log lines from last year in my /var/log/messages.

Besides the time changing, I'm also dying to know how (or WHY rather) it also decided to stop all those services.

On Tue, Feb 25, 2014 at 11:30 AM, Neal Becker <ndbecker2(a)gmail.com&gt; wrote: > This f20 server has been running just fine for months. Today it became > unresponsive. Couldn't ssh into it (ping ok). Not thrashing disk (disk > light > not continuously on). > > I hit the power button and rebooted. After reboot, checked > /var/log/messages: > > Feb 25 12:06:18 nbecker7 kernel: [ 49.667251] tun: Universal TUN/TAP > device > driver, 1.6 > Feb 25 12:06:18 nbecker7 kernel: [ 49.667254] tun: (C) 1999-2004 Max > Krasnyansky <maxk(a)qualcomm.com&gt; > Feb 25 12:06:18 nbecker7 kernel: [ 59.015938] Ebtables v2.0 registered > Feb 25 12:06:18 nbecker7 kernel: [ 59.601221] ip6_tables: (C) 2000-2006 > Netfilter Core Team > Feb 25 12:06:18 nbecker7 kernel: [ 65.646938] Bridge firewalling > registered > Feb 25 12:06:18 nbecker7 kernel: [ 65.671316] device virbr0-nic entered > promiscuous mode > Feb 25 12:06:18 nbecker7 kernel: [ 66.410670] virbr0: port 1(virbr0-nic) > entered listening state > Feb 25 12:06:18 nbecker7 kernel: [ 66.410678] virbr0: port 1(virbr0-nic) > entered listening state > Feb 25 12:06:18 nbecker7 kernel: [ 66.410724] IPv6: ADDRCONF(NETDEV_UP): > virbr0: link is not ready > Feb 25 12:06:18 nbecker7 kernel: [ 66.668588] virbr0: port 1(virbr0-nic) > entered disabled state > Feb 25 12:06:54 nbecker7 kernel: [ 109.855407] fuse init (API version > 7.22) > Jan 8 10:48:32 nbecker7 systemd: Stopped target Graphical Interface. > Jan 8 10:48:32 nbecker7 systemd: Stopping Multi-User System. > Jan 8 10:48:32 nbecker7 systemd: Stopped target Multi-User System. > Jan 8 10:48:32 nbecker7 systemd: Stopping ABRT kernel log watcher... > Jan 8 10:48:32 nbecker7 systemd: Stopping Command Scheduler... > Jan 8 10:48:32 nbecker7 systemd: Stopping Install ABRT coredump hook... > Jan 8 10:48:32 nbecker7 systemd: Stopping ABRT Xorg log watcher... > Jan 8 10:48:32 nbecker7 systemd: Stopping OpenSSH server daemon... > > How did the date just become Jan 8?? > > -- > users mailing list > users(a)lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org > >

This f20 server has been running just fine for months. Today it became unresponsive. Couldn't ssh into it (ping ok). Not thrashing disk (disk light not continuously on). I hit the power button and rebooted. After reboot, checked /var/log/messages: Feb 25 12:06:18 nbecker7 kernel: [ 49.667251] tun: Universal TUN/TAP device driver, 1.6 Feb 25 12:06:18 nbecker7 kernel: [ 49.667254] tun: (C) 1999-2004 Max Krasnyansky <maxk(a)qualcomm.com&gt; Feb 25 12:06:18 nbecker7 kernel: [ 59.015938] Ebtables v2.0 registered Feb 25 12:06:18 nbecker7 kernel: [ 59.601221] ip6_tables: (C) 2000-2006 Netfilter Core Team Feb 25 12:06:18 nbecker7 kernel: [ 65.646938] Bridge firewalling registered Feb 25 12:06:18 nbecker7 kernel: [ 65.671316] device virbr0-nic entered promiscuous mode Feb 25 12:06:18 nbecker7 kernel: [ 66.410670] virbr0: port 1(virbr0-nic) entered listening state Feb 25 12:06:18 nbecker7 kernel: [ 66.410678] virbr0: port 1(virbr0-nic) entered listening state Feb 25 12:06:18 nbecker7 kernel: [ 66.410724] IPv6: ADDRCONF(NETDEV_UP): virbr0: link is not ready Feb 25 12:06:18 nbecker7 kernel: [ 66.668588] virbr0: port 1(virbr0-nic) entered disabled state Feb 25 12:06:54 nbecker7 kernel: [ 109.855407] fuse init (API version 7.22) Jan 8 10:48:32 nbecker7 systemd: Stopped target Graphical Interface. Jan 8 10:48:32 nbecker7 systemd: Stopping Multi-User System. Jan 8 10:48:32 nbecker7 systemd: Stopped target Multi-User System. Jan 8 10:48:32 nbecker7 systemd: Stopping ABRT kernel log watcher... Jan 8 10:48:32 nbecker7 systemd: Stopping Command Scheduler... Jan 8 10:48:32 nbecker7 systemd: Stopping Install ABRT coredump hook... Jan 8 10:48:32 nbecker7 systemd: Stopping ABRT Xorg log watcher... Jan 8 10:48:32 nbecker7 systemd: Stopping OpenSSH server daemon... How did the date just become Jan 8??