On Fri, Dec 2, 2011 at 2:49 PM, Kay Sievers <kay.siev...@vrfy.org> wrote:
> On Fri, Dec 2, 2011 at 13:59, Rainer Gerhards <rgerha...@gmail.com> wrote:
>> as you probably know, I am not a big fan of the journald proposal, but
>> that's not the point of my question. I am thinking about how to
>> integrate journal data into a syslog logging solution.
>
> You know that the syslog daemon will still see exactly the same log
> messages from all clients as it did before, right? The /dev/log file
> descriptor that systemd passed to the syslog daemon at startup, will
> still carry all the same things regardless of journald's actions.

Does that mean /dev/log will also receive messages submitted via the
*new* API you define? If so, is the format documented somewhere (or
intended to be)?

>> So I have a
>> couple of questions in regard to accessing the journal. The most
>> important one is how to read information from it. From what I have
>> read, a client API is planned. I know git has working code, but this
>> code is tied into systemd and is not a lib.
>>
>> So I wonder how a non-systemd app would gain access to journal data.
>> Do you actually plan a client library (-ljournal) ?
>
> Yes, a shared library will be provided.

It's probably a bit early, but: do you have some idea when this will be
released (maybe around F17)?

>
>> Or do you plan to
>> make this available as a core OS service (and thus via a system call
>> interface)?
>
> What do you mean? The journal is just files on disk (or tmpfs), and
> the lib can map the file and provide indexed access to it.

I wondered if you intend to move the journal core into the kernel
itself. I hadn't expected that, and it's not the case, as you just said.
Still wanted to make sure I understood right.

>> Or anything else? Also, in order to read the complete
>> journal, is it necessary to run under the root user or can lower
>> privileges be used (and, if so, which)?
>
> All entries are written to individual journals, a separate one for the
> system and one for every login uid (user) that submitted entries.
> Every login uid can read their own journal, but not directly write it.

But there will be one journal that a root admin can pull for all log
entries? Or does this mean that, in order to obtain all entries, the
system journal file plus all journal files for all users must be read?
If so, is it intended that the API/lib handles that?

> All services log into the system journal. The files of the system
> journal are owned by a group, you need to be member of that group to
> access them.
>
>> These questions were mostly related to the syslogd pulling data from
>> the journal to transmit it some remote site (or do some other
>> transformation). Now let's assume the contrary, syslogd receives data
>> via the network and wants to store it inside the journal. Will there
>> be an API provided for that case as well?
>
> Yes, sure, it can just forward things to the journal. Along with what
> they log, they will just have some metadata of the forwarder added.

So now let's assume I have pulled some log messages from system A, and
transport these via syslog to system B. Now I want to consolidate the
log on system B. So what I need is to have an exact duplicate of what is
present on A also present on B (especially the metadata). That means I
can write into B's journal exactly what was on A, including the *trusted
fields*? (or let's for a moment assume that A does not run journald, but
I know A's hostname via RFC5425 X.509-based auth and so this info is
known to be correct - many scenarios along these lines).

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel