[systemd-devel] right way to log to rsyslog/syslog only?
"Jóhann B. Guðmundsson"
johannbg at gmail.com
Thu Aug 7 13:01:31 PDT 2014
On 08/07/2014 07:44 PM, Leonid Isaev wrote:
> Hi,
>
> On Thu, Aug 07, 2014 at 06:11:39PM +0000, "Jóhann B. Guðmundsson" wrote:
>> On 08/07/2014 04:12 PM, Leonid Isaev wrote:
>>>>> Perhaps understanding why you're allergic to the journal would help in
>>>>> figuring out solutions to the actual underlying problem.
>>> There is nothing wrong with the journald per se, but it's not a replacement for
>>> the classic syslog
>> Yes it is.
> Hmm, reading my message above, I can see that it wasn't clear enough -- sorry.
> Perhaps an example can clarify things.
>
> Take dnsmasq which under normal operation logs _lots_ of DHCP-related messages,
> even on a tiny network of ~20 (crappy Android) devices. These messages fall
> into 2 categories: routine (log_level info -- DHCPREQUEST, DHCPACK, etc.) and
> security-related (log_level warn -- DNS rebind attacks e.g.). I want the former
> to be volatile (stored in /run/log), while the latter on-disk (in /var/log).
>
> While there are many ways to accomplish this with rsyslog/syslog-ng filters,
Give me an actual working example how this is solved using
rsyslog/syslog-ng filters
JBG
More information about the systemd-devel
mailing list