[ale] Maddog’s take on recent Red Hat source distribution changes

Solomon Peachy pizza at shaftnet.org
Mon Aug 21 09:07:53 EDT 2023 

On Sun, Aug 20, 2023 at 06:31:21PM -0400, Steve Litt via Ale wrote:
> By the way, I've heard rumors that you can install some sort of systemd
> thing which enables logging to produce text logs, and if that's true
> that minimizes the importance of the whole binary logging thing.

This is how RHEL7 (ie the first version with systemd) was configured out 
of the box; I don't know if they still default to that for RHEL8/RHEL9.

The way it works is that you tell systemd-journald to forward everything 
to a traditional syslog daemon ("ForwardToSyslog=yes" in 
/etc/systemd/journald.conf) which can then do whatever it wants with it. 

It also supports forwarding to the kernel kmsg queue, the console, and 
even wall.  All of these targets have a MaxLevel, eg so only "emergency" 
messages go to wall, but everything goes to Syslog.

You can also configure journald to *not* store anything to persistent 
storage, so you don't get duplicated logs.  You still get the complete 
output capture (ie stdout/stderr as well as syslog) in one place so it's 
a net improvement in functionality.  (Seriously, having all daemon 
output captured in a single stream is REALLY REALLY REALLY awesome when 
dealing with real-world daemons written by crack-addled monkeys)

('man journald.conf' explains all of this in excruciating detail)

FWIW, in the earlier days of journald, much like RHEL7 I set my systems 
up to route everthing through syslog-ng, but over time I found that 
journalctl's query/filter mechanisms provided a _vastly_ superior 
experience versus piping multiple greps together (particularly in the 
face of multiple daemons using the same syslog identifier, or multiple 
identifiers/facilities spread across multiple files) so once I ported 
over the last couple of my logfile watchers to use journalctl, I went 
pure journald only and haven't looked back.

(I've also found that journald binary files are pretty robust against 
 corruption, though of course if the system crashes hard before your logs 
 have been written to disk, you're always going to be SOL)

 - Solomon
-- 
Solomon Peachy			      pizza at shaftnet dot org (email&xmpp)
                                      @pizza:shaftnet dot org   (matrix)
Dowling Park, FL                      speachy (libra.chat)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://mail.ale.org/pipermail/ale/attachments/20230821/46b5c757/attachment.sig>

More information about the Ale mailing list