On 02/09/2015 08:02 AM, Rich Freeman wrote: > Keep in mind that if you're grepping logs, there is probably a better > way to accomplish what you want to do with journalctl's options. > Finding all output from a particular daemon is going to be more > reliable if you filter by unit, versus getting verbose log output from > your mail server that has "mysql" somewhere in it or whatever. That > is the main reason for using a binary log format.
Of course, of course. I should have expanded a little more, but I was on my way to work out. I don't use systemd at work, but for my server I generally find the most helpful command to check a particular service is `systemctl status <service>` to see how it got screwed up. I imagine it would be pretty useful to grab the JSON output from every host and put it in elastic search or mongodb or something, but I don't have any experience doing that. At the same time, though, the message would still have to be parsed by something and a lot of the metadata looks to be not extremely useful (atm anyways). > If you're using an automated tool you can also use cursors to bookmark > the last entry you read and then ask journalctl for entries since that > one. Of course, an automated tool would probably just read the logs > via dbus or whatever (I haven't taken the time to look into the APIs). > Using the low-level DBus C API makes me cry just a little bit; I've been doing a ton of DBus stuff to add good systemd support to bossman. That said, the API systemctl exposes over DBus is pretty common-sensical, so I'm sure the journalctl one is straightforward as well. Alec