[systemd-devel] right way to log to rsyslog/syslog only?
Lennart Poettering
lennart at poettering.net
Wed Aug 13 09:46:49 PDT 2014
On Thu, 07.08.14 15:44, Leonid Isaev (lisaev at umail.iu.edu) wrote:
> Hi,
>
> On Thu, Aug 07, 2014 at 06:11:39PM +0000, "Jóhann B. Guðmundsson" wrote:
> >
> > On 08/07/2014 04:12 PM, Leonid Isaev wrote:
> > >>>Perhaps understanding why you're allergic to the journal would help in
> > >>>figuring out solutions to the actual underlying problem.
> > >There is nothing wrong with the journald per se, but it's not a replacement for
> > >the classic syslog
> >
> > Yes it is.
>
> Hmm, reading my message above, I can see that it wasn't clear enough -- sorry.
> Perhaps an example can clarify things.
>
> Take dnsmasq which under normal operation logs _lots_ of DHCP-related messages,
> even on a tiny network of ~20 (crappy Android) devices. These messages fall
> into 2 categories: routine (log_level info -- DHCPREQUEST, DHCPACK, etc.) and
> security-related (log_level warn -- DNS rebind attacks e.g.). I want the former
> to be volatile (stored in /run/log), while the latter on-disk (in /var/log).
>
> While there are many ways to accomplish this with rsyslog/syslog-ng filters,
> I'd very much like to know how to do this with journald.
Splitting things up based on the log level sounds like a good idea, and
is in fact already on the TODO list. Happy to take patches.
However, note that I really don't want a generic regexp-or-something
based engine in journald. For that kind of stuff, please use rsyslog.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list