[systemd-devel] How does journald talks to other services?

Nishant Nayan nayan.nishant2000 at gmail.com
Tue Aug 24 03:41:19 UTC 2021


So what are the cases where syslog forwards logs to journal?
Is there a case where both journal and syslog end up sending same logs to
each other ( like a cycle ) resulting in duplicate logs?

Nishant

On Mon, 23 Aug 2021, 14:02 Mantas Mikulėnas, <grawity at gmail.com> wrote:

> On Mon, Aug 23, 2021, 11:19 Nishant Nayan <nayan.nishant2000 at gmail.com>
> wrote:
>
>> I was using logger command to see if the logs goes to journal, and it
>> does, it goes both in /var/log/messages (owned by syslog) and journal, how
>> is it happening? Is it because journal listens to /dev/log ?
>>
>
> Journald listens to /dev/log and writes messages to its .journal files.
> Then a syslog daemon (rsyslogd or syslog-ng) receives the same messages
> *from* journald, in one of two ways, and writes them to /var/log/messages:
>
> a) The syslog daemon directly reads messages with full metadata from
> .journal files (e.g. in rsyslogd this is the imjournal module);
>
> or b) The syslog daemon listens on a completely separate socket in /run,
> and journald forwards all messages to that socket (without metadata) using
> the traditional syslog protocol.
>
> The following is from systemd-journald.socket
>> [Socket]
>> ListenStream=/run/systemd/journal/stdout
>> ListenDatagram=/run/systemd/journal/socket
>> ListenDatagram=/dev/log
>>
>> Also can we edit 'systemd-journald.socket ' so as to not listen to
>> /dev/log ? Just for seeing its behaviour.
>> I tried by commenting out and removing 'ListenDatagram=/dev/log' and
>> restarted the socket and journal service, but the logger log is still
>> displayed in journal
>>
>
> Technically that should work? But don't use it for other reasons except
> testing, I'd say...
>
> Did you systemctl daemon-reload?
>
> Is /dev/log a real socket or a symlink? (In later systemd versions it's a
> symlink and the real socket is in /run.)
>
> If it's a real socket, does it get re-created after 'rm'?
>
>
>>
>>
>> Nishant
>>
>> On Fri, 20 Aug 2021 at 16:43, Mantas Mikulėnas <grawity at gmail.com> wrote:
>>
>>> On Fri, Aug 20, 2021 at 2:11 PM Mantas Mikulėnas <grawity at gmail.com>
>>> wrote:
>>>
>>>> On Fri, Aug 20, 2021 at 2:10 PM Nishant Nayan <
>>>> nayan.nishant2000 at gmail.com> wrote:
>>>>
>>>>> Regarding the below point :
>>>>> c) The service prints to stdout/stderr, but systemd attaches the
>>>>> service's stdout/stderr to a pipe which is read by journald (using
>>>>> sd_journal_stream_fd(3) from libsystemd). See [Service] StandardOutput= in
>>>>> systemd.service(5).
>>>>>
>>>>> I did not see StandardOutput field in [Service] sections of a service
>>>>> file, for example sshd.service, but its logs are visible in journalctl.
>>>>> Is it by default piped to journal and we need to explicitly mention it
>>>>> (StandardOutput=)  only when we want to redirect it somewhere else?
>>>>>
>>>>
>>>> StandardOutput=journal is the default setting.
>>>>
>>>
>>> And, actually, sshd doesn't write its messages to stdout anyway – it
>>> uses syslog() via /dev/log; most daemons do.
>>>
>>> --
>>> Mantas Mikulėnas
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20210824/db76f932/attachment-0001.htm>


More information about the systemd-devel mailing list