On Thursday, May 22, 2014 08:31:12 AM cov...@ccs.covici.com wrote: > J. Roeleveld <jo...@antarean.org> wrote: > > On Thursday, May 22, 2014 04:54:45 AM cov...@ccs.covici.com wrote: > > > Hi. I am having a strange problem running under systemd since Monday. > > > I use logwatch to get nice summaries of things going on in the system, > > > it gives me once a day summaries of such things. When running under > > > openrc, I used to get a summary of sshd activity, so I could see the > > > failed logins and the users that actually logged in via ssh. I was > > > using the sysklogd package and am still using it, although I had to > > > listen on a different socket. But now the sshd entries are totally gone > > > and I wonder how to get them back? For instance, I am no longer > > > getting the accepted public key messages anywhere. > > > > > > Thanks in advance for any suggestions. > > > > Did you configure logwatch to read from systemd (not sure if this is > > possible) or systemd to write the logs to sysklogd? > > > > Systemd uses it's own binary format for the logging by default. > > I have sysklogd and friends listen on the journal socket rather on the > original socket which systemd has taken over. Strange but someone told > me that they were getting those messages with syslogng (name may be not > correct), but it still does not make sense to me.
syslogng != sysklogd. Both are different packages. It could be that sysklogd does not work well with systemd. -- Joost