[systemd-devel] right way to log to rsyslog/syslog only?

Leonid Isaev lisaev at umail.iu.edu
Thu Aug 7 12:44:03 PDT 2014


On Thu, Aug 07, 2014 at 06:11:39PM +0000, "Jóhann B. Guðmundsson" wrote:
> On 08/07/2014 04:12 PM, Leonid Isaev wrote:
> >>>Perhaps understanding why you're allergic to the journal would help in
> >>>figuring out solutions to the actual underlying problem.
> >There is nothing wrong with the journald per se, but it's not a replacement for
> >the classic syslog
> Yes it is.

Hmm, reading my message above, I can see that it wasn't clear enough -- sorry.
Perhaps an example can clarify things.

Take dnsmasq which under normal operation logs _lots_ of DHCP-related messages,
even on a tiny network of ~20 (crappy Android) devices. These messages fall
into 2 categories: routine (log_level info -- DHCPREQUEST, DHCPACK, etc.) and
security-related (log_level warn -- DNS rebind attacks e.g.). I want the former
to be volatile (stored in /run/log), while the latter on-disk (in /var/log).

While there are many ways to accomplish this with rsyslog/syslog-ng filters,
I'd very much like to know how to do this with journald.

Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6  20DF 9291 EE8A 043C B8C4
                  C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140807/052b18ff/attachment.sig>

More information about the systemd-devel mailing list