[systemd-devel] Linux Journal API/client lib

Rainer Gerhards rgerhards at gmail.com
Fri Dec 2 07:14:02 PST 2011


On Fri, Dec 2, 2011 at 2:49 PM, Kay Sievers <kay.sievers at vrfy.org> wrote:
> On Fri, Dec 2, 2011 at 13:59, Rainer Gerhards <rgerhards at gmail.com> wrote:
>> as you probably know, I am not a big fan of the journald proposal, but
>> that's not the point of my question. I am thinking about how to
>> integrate journal data into a syslog logging solution.
>
> You know that the syslog daemon will still see exactly the same log
> messages from all clients as it did before, right? The /dev/log file
> descriptor that systemd passed to the syslog daemon at startup, will
> still carry all the same things regardless of journald's actions.

Does that mean /dev/log will also receive messages submitted via the
*new* API you define? If so, is the format documented somewhere (or
intended to be)?

>> So I have a
>> couple of questions in regard to accessing the journal. The most
>> important one is how to read information from it. From what I have
>> read, a client API is planned. I know git has working code, but this
>> code is tied into systemd and is not a lib.
>>
>> So I wonder how a non-systemd app would gain access to journal data.
>> Do you actually plan a client library (-ljournal) ?
>
> Yes, a shared library will be provided.
It's probably a bit early, but: do you have some idea when this will
be released (maybe around F17)?

>
>> Or do you plan to
>> make this available as a core OS service (and thus via a system call
>> interface)?
>
> What do you mean? The journal is just files on disk (or tmpfs), and
> the lib can map the file and provide indexed access to it.
I wondered if you intend to move the journal core into the kernel
itself. I hadn't expected that, and it's not the case, as you just
said. Still wanted to make sure I understood right.

>> Or anything else? Also, in order to read the complete
>> journal, is it necessary to run under the root user or can lower
>> privileges be used (and, if so, which)?
>
> All entries are written to individual journals, a separate one for the
> system and one for every login uid (user) that submitted entries.
> Every login uid can read their own journal, but not directly write it.

But there will be one journal that a root admin can pull for all log
entries? Or does this mean that, in order to obtain all entries, the
system journal file plus all journal files for all users must be read?
If so, is it intended that the API/lib handles that?

> All services log into the system journal. The files of the system
> journal are owned by a group, you need to be member of that group to
> access them.
>
>> These questions were mostly related to the syslogd pulling data from
>> the journal to transmit it some remote site (or do some other
>> transformation). Now let's assume the contrary, syslogd receives data
>> via the network and wants to store it inside the journal. Will there
>> be an API provided for that case as well?
>
> Yes, sure, it can just forward things to the journal. Along with what
> they log, they will just have some metadata of the forwarder added.

So now let's assume I have pulled some log messages from system A, and
transport these via syslog to system B. Now I want to consolidate the
log on system B. So what I need is to have an exact duplicate of what
is present on A also present on B (especially the metadata). That
means I can write into B's journal exactly what was on A, including
the *trusted fields*? (or let's for a moment assume that A  does not
run journald, but I know A's hostname via RFC5425 X.509-based auth and
so this info is known to be correct - many scenarios along these
lines).


More information about the systemd-devel mailing list