On 2024-12-16 10:18, Michael Tokarev via Postfix-users wrote: > > service or to the service which did the submission. Neither of the two > is right or wrong in all cases, though I'd say the initial submission > belongs more to the submitting service than to the accepting service, - > at least that's where the problem should be dealt with, where it originates > at.
That's right. There are several orthogonal selectors allowing to query for "oranges" in color context and "apples" in fruit context. Or all the apples, oranges and helicopters without any selector, which effectively restores original /dev/log stream before processing rules of the syslog of anyone's choice. Therefore in terms of "contents" journal is superset of any possible syslog. Syslog doesn't collect such data and discards some valuable info. Syslog doesn't get stdout/stderr, syslog doesn't support structured logs. Syslog doesn't get log entries send while it was not running. The storage, performance, retention etc. are different matter, fortunately such journal stream can be simply forwarded to syslog of anyone's choice. And it's even better - since your syslog can also use sd-journal, it's not limited to syslog() data and might read structured logs of every sd-journal aware service and retain process metadata. Therefore, people just need to stop treating journal as a complete logging facility, but instead as a log forwarder/multiplexer with rather poor storage and in-transit features, but attachable to any backend one wishes. > This does not include postfix processes started in other contexts, like > submitting mail from command line or from another service - there, it > is logged a belonging to the calling unit, still under postfix-provided > log tag within the message. This is especially important as the syslog identifier can be easily forged during openlog(), while process metadata can't. > "postfix" anywhere in the message (-g stands for "grep"). There's also > -t option (syslog tag) and --facility which can be used there, to show > mail-related info from all units. And all those tags are completed by tab (at least under zsh), so it's easy to choose what to look for. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
