On Tuesday, February 4, 2020 9:01:55 PM EST Matt Zagrabelny wrote: > On Tue, Feb 4, 2020 at 5:15 PM Scott Kitterman <debian@kitterman.com> wrote: > > On Tuesday, February 4, 2020 5:22:15 PM EST Vincent Bernat wrote: > > > ❦ 4 février 2020 11:30 -08, Russ Allbery <rra@debian.org>: > > > >> As a heavy user or Rsyslog features I feel that switching default > > > >> logging system yields no benefits to say the least. > > > > > > > > As a heavy user, perhaps you're not the target audience for a default? > > > > You're going to install rsyslog no matter what, since you know it well > > > > and > > > > use it heavily. The only effect of this change on you will be a > > > > one-line > > > > change to whatever you use for configuration management for new > > > > systems. > > > > > > rsyslog even knows how to directly pull logs from the journal, which > > > gives you access to stuff not logged to syslog (stdout/stderr of service > > > files, applications logging directly to journal), as well to structured > > > logs (comm pid, user, unit and more when the service supports journald > > > directly). > > > > For those of us who aren't customizers of Debian's logging function, it'd > > be nice to have a clearer understanding of what this changes means. > > > > Today, when, for example, I want to investigate something email related, I > > look in /var/log/mail.log. > > Random email related journal commands: > > journalctl -u postfix > journalctl -f -u postfix > journalctl -b -u postfix > > the -u is for the unit name. the -b is for since boot. man journalctl > for details. Not particularly useful IMO. In /var/log/mail.log I can see log entries from all the programs configured to log to the mail facility. That way I can see the interaction between them. On a typical server that is for sending mail I often need to see log entries from postfix, clamsmtp, and dkimpy-milter together to understand how a message is (or isn't) making it through the system. Of course the fact that I can't use all the tools available to manipulate text files to follow or analyze logs is problematic. If I'm using journalctl, how do I replicate 'tail -f /var/log/mail.loog'? Note that I'm not asking about some specialized configuration that I've set up. All I want to know is how to make it work like Debian works out of the box today. Scott K
Attachment:
signature.asc
Description: This is a digitally signed message part.