Rich Freeman <ri...@gentoo.org> wrote:

> On Mon, Feb 9, 2015 at 6:52 AM, Alec Ten Harmsel
> <a...@alectenharmsel.com> wrote:
> >
> > On 02/09/2015 06:49 AM, Mick wrote:
> >> On Monday 09 Feb 2015 11:23:15 Rich Freeman wrote:
> >>> You don't have to export them from anything unless you need their
> >>> content in a text file. If you just run "journalctl" that is the
> >>> equivalent of typing cat /var/log/messages. If you do want to parse
> >>> them with an external tool then you get your choice of several text
> >>> formats and json.
> >> The thing is I never use cat. I invariably use less, rview, or grep, to
> >> browse or search the log files.
> >>
> >> How will this work with journalctl, will I have to export them first into a
> >> different format?
> >>
> >
> > You can run `journalctl | grep whatever`. I don't know what rview is,
> > but as long as whatever you're using supports pipes you should be fine.
> >
>
> Keep in mind that if you're grepping logs, there is probably a better
> way to accomplish what you want to do with journalctl's options.
> Finding all output from a particular daemon is going to be more
> reliable if you filter by unit, versus getting verbose log output from
> your mail server that has "mysql" somewhere in it or whatever. That
> is the main reason for using a binary log format.
>
> But, yes, you can just pipe the output into the tool of your choice.
> If you keep a lot of logs like I do it might be wiser to prefilter it
> a bit, such as by adding -b to the options to limit it to entries
> since the last reboot.
>
> I also tend to keep a journalctl -f running in a screen session, which
> is the equivalent of a tail -f.
>
> If you're using an automated tool you can also use cursors to bookmark
> the last entry you read and then ask journalctl for entries since that
> one. Of course, an automated tool would probably just read the logs
> via dbus or whatever (I haven't taken the time to look into the APIs).

I wonder if the original poster is using systemd? Also, I find
journalctl very clumsy to find things about a specific program, such as
mail logs or whatever -- unless I am missing something. I use
syslog-ng, although I get a lot of messages which say forwarding to
syslog missed n messages from system journal, so maybe it's a problem,
but how would you use logwatch without something like syslog-ng?

-- 
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?

John Covici
cov...@ccs.covici.com
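
The points raised in the thread (grep versus filtering by unit, and cursors as bookmarks) can be seen on `journalctl -o json` output. This is an added example, not code from any poster in the thread; the sample entries, the short cursor strings `c1`..`c4`, and all function names are constructed for illustration.

```python
import json

# Constructed sample of `journalctl -o json` output: one JSON object per line.
# Real cursors are long opaque strings; "c1".."c4" are placeholders.
SAMPLE = "\n".join(json.dumps(e) for e in [
    {"__CURSOR": "c1", "_SYSTEMD_UNIT": "postfix.service", "SYSLOG_IDENTIFIER": "postfix/smtpd",
     "MESSAGE": "connect from mysql.example.org[192.0.2.10]"},
    {"__CURSOR": "c2", "_SYSTEMD_UNIT": "mysqld.service", "SYSLOG_IDENTIFIER": "mysqld",
     "MESSAGE": "ready for connections"},
    # journalctl emits non-UTF-8 field values as arrays of byte values.
    {"__CURSOR": "c3", "_SYSTEMD_UNIT": "mysqld.service", "SYSLOG_IDENTIFIER": "mysqld",
     "MESSAGE": [65, 99, 99, 101, 115, 115, 32, 100, 101, 110, 105, 101, 100, 255]},
    {"__CURSOR": "c4", "_SYSTEMD_UNIT": "sshd.service", "SYSLOG_IDENTIFIER": "sshd",
     "MESSAGE": "Accepted publickey for alice"},
])

def parse(export):
    """Parse journalctl JSON-lines output into a list of dicts."""
    return [json.loads(line) for line in export.splitlines() if line.strip()]

def message_text(entry):
    """Return MESSAGE as text; handles byte arrays and null (oversized) values."""
    msg = entry.get("MESSAGE")
    if isinstance(msg, list):
        return bytes(msg).decode("utf-8", errors="replace")
    return msg or ""

def grep_like(entries, needle):
    """Roughly what `journalctl | grep needle` matches: identifier plus message."""
    return [e for e in entries
            if needle in f'{e.get("SYSLOG_IDENTIFIER", "")}: {message_text(e)}']

def by_unit(entries, unit):
    """Simplified `journalctl -u unit`: match the journald-set _SYSTEMD_UNIT field."""
    return [e for e in entries if e.get("_SYSTEMD_UNIT") == unit]

def since_cursor(entries, cursor):
    """Entries after a bookmarked cursor (like --after-cursor), plus the new bookmark."""
    seen = [e["__CURSOR"] for e in entries]
    start = seen.index(cursor) + 1 if cursor in seen else 0
    new = entries[start:]
    return new, (new[-1]["__CURSOR"] if new else cursor)

if __name__ == "__main__":
    log = parse(SAMPLE)
    print([e["__CURSOR"] for e in grep_like(log, "mysql")])
    print([e["__CURSOR"] for e in by_unit(log, "mysqld.service")])
    print(since_cursor(log, "c2")[1])
```

The substring match pulls in the postfix entry because a client hostname contains "mysql", while the unit match does not, since `_SYSTEMD_UNIT` is attached by journald rather than taken from the message text.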