Re: [systemd-devel] in-kernel structured logging
On Thu, Jul 30, 2015 at 9:47 PM, Anne Mulhern amulh...@redhat.com wrote: Where can the support for structured logging be found in the kernel? It seems tricky, given the kernel's constraints, to support arbitrary structured logging. It was added to kernel/printk.c in v3.5 – printk_emit() accepts an array of key=value metadata, and printk() is a thin wrapper around that. At the same time /dev/kmsg was added, to export the attached data and fix various other problems which /proc/kmsg had. https://git.kernel.org/linus/7ff9554bb578 https://git.kernel.org/linus/e11fea92e13f https://git.kernel.org/linus/c4e00daaa96d https://git.kernel.org/linus/3b552b92817c Rsyslog can import the structured data from /dev/kmsg: http://www.rsyslog.com/doc/v8-stable/configuration/modules/imkmsg.html -- Mantas Mikulėnas graw...@gmail.com ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] in-kernel structured logging
Hi! This is really closely related to my previous question re. formalizing an API. In the design document (https://docs.google.com/document/pub?id=1IC9yOXj7j6cdLLxWEBAGRL6wl97tFxgjLUEHIX3MSTs) there is a statement about a future intention to support in-kernel structured logging. Are things like dev_printk() considered to have achieved that, or is something more planned for the future? Thanks again, - mulhern ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] in-kernel structured logging
On Thu, Jul 30, 2015 at 12:16:03PM -0400, Anne Mulhern wrote: Hi! This is really closely related to my previous question re. formalizing an API. In the design document (https://docs.google.com/document/pub?id=1IC9yOXj7j6cdLLxWEBAGRL6wl97tFxgjLUEHIX3MSTs) there is a statement about a future intention to support in-kernel structured logging. Are things like dev_printk() considered to have achieved that, or is something more planned for the future? One thing is the basic support for structured logs, which was implemented, another is patching all the places which produce logs to attach useful metadata. This is only partially done. If you look at kernel logs from a boot, even basic things like the priority are set semi-randomly. So from the kernel the state could be described as POC. From systemd side, we have the fields, but we don't do interesting things with them. One problem is that the kernel gives us tags like _KERNEL_DEVICE=+scsi:8:0:3:0 which are dynamic, and change between boots. For the logs to be useful, we would have to map those to some static identifiers. It would be nice to tell journalctl give me all logs about /dev/sda, but we're not there yet. Zbyszek ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] in-kernel structured logging
- Original Message - From: Zbigniew Jędrzejewski-Szmek zbys...@in.waw.pl To: Anne Mulhern amulh...@redhat.com Cc: systemd-devel@lists.freedesktop.org Sent: Thursday, July 30, 2015 1:04:55 PM Subject: Re: [systemd-devel] in-kernel structured logging On Thu, Jul 30, 2015 at 12:16:03PM -0400, Anne Mulhern wrote: Hi! This is really closely related to my previous question re. formalizing an API. In the design document (https://docs.google.com/document/pub?id=1IC9yOXj7j6cdLLxWEBAGRL6wl97tFxgjLUEHIX3MSTs) there is a statement about a future intention to support in-kernel structured logging. Are things like dev_printk() considered to have achieved that, or is something more planned for the future? One thing is the basic support for structured logs, which was implemented, another is patching all the places which produce logs to attach useful metadata. This is only partially done. If you look at kernel logs from a boot, even basic things like the priority are set semi-randomly. So from the kernel the state could be described as POC. Where can the support for structured logging be found in the kernel? It seems tricky, given the kernel's constraints, to support arbitrary structured logging. I'm likely missing something, but as far as I can tell, dev_printk() is like printk(), except that it takes a few more parameters from which a few more fields about the device are automatically extracted and added to the buffer. Maybe dev_printk is one instance of what is considered the correct way to do structured logging in the kernel? From systemd side, we have the fields, but we don't do interesting things with them. One problem is that the kernel gives us tags like _KERNEL_DEVICE=+scsi:8:0:3:0 which are dynamic, and change between boots. For the logs to be useful, we would have to map those to some static identifiers. It would be nice to tell journalctl give me all logs about /dev/sda, but we're not there yet. Zbyszek - mulhern ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
