• [RFC] changes to rsyslog

    From Michael Biebl@21:1/5 to Debian Development on Sat Nov 13 22:40:02 2021
    Copy: sysvinit@packages.debian.org


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Roberto C. Sánchez@21:1/5 to Michael Biebl on Sat Nov 13 22:50:02 2021
    On Sat, Nov 13, 2021 at 10:32:23PM +0100, Michael Biebl wrote:

    - Existing systems will continue to have rsyslog installed (but they can safely uninstall rsyslog)

    I'm not sure if this is a directly relevant question (apologies if it is
    not), but is there a migration path to allow bringing legacy log data
    *into* the systemd journal[*] to allow for accessing log data through a
    single interface/mechanism after making the transition?

    Regards,

    -Roberto

    [*] whether as part of the transition or as a separate step that can be executed manually
    --
    Roberto C. Sánchez

  • From Michael Biebl@21:1/5 to All on Sat Nov 13 22:50:02 2021
  • From Bastian Blank@21:1/5 to All on Sat Nov 13 23:50:01 2021
    On Sat, Nov 13, 2021 at 04:40:04PM -0500, Roberto C. Sánchez wrote:
    I'm not sure if this is a directly relevant question (apologies if it is
    not), but is there a migration path to allow bringing legacy log data
    *into* the systemd journal[*] to allow for accessing log data through a single interface/mechanism after making the transition?

    As the automatic cleanup will have removed all the data from before the
    journal change already, what's the point?

    Bastian

    --
    It would be illogical to assume that all conditions remain stable.
    -- Spock, "The Enterprise Incident", stardate 5027.3

  • From Roberto C. Sánchez@21:1/5 to Michael Biebl on Sat Nov 13 23:20:02 2021
    On Sat, Nov 13, 2021 at 10:43:48PM +0100, Michael Biebl wrote:
    On 13.11.21 22:40, Roberto C. Sánchez wrote:
    On Sat, Nov 13, 2021 at 10:32:23PM +0100, Michael Biebl wrote:

    - Existing systems will continue to have rsyslog installed (but they can safely uninstall rsyslog)

    I'm not sure if this is a directly relevant question (apologies if it is
    not), but is there a migration path to allow bringing legacy log data
    *into* the systemd journal[*] to allow for accessing log data through a single interface/mechanism after making the transition?


    Well, existing log data in /var/log will continue to exist.

    And anything that has been logged via syslog() will end up in the journal.

    Does that answer your question?

    Not really. I guess a better phrasing of my question is: what method or methods are available for viewing/searching existing log data in
    /var/log and log data contained in the systemd journal in a consolidated
    way?

    Regards,

    -Roberto

    --
    Roberto C. Sánchez

  • From Zack Weinberg@21:1/5 to All on Wed Nov 17 00:20:01 2021
    I would thus like to proceed and change the priority of rsyslog from important to optional, which in turn would mean, it is no longer installed by default.

    Do you know of a tool that does what logcheck does, but operating directly on the journal? Logcheck is the only reason I still have rsyslog installed on the servers I maintain.

    zw

  • From Paul Wise@21:1/5 to Zack Weinberg on Wed Nov 17 04:00:01 2021
    On Tue, 2021-11-16 at 17:57 -0500, Zack Weinberg wrote:

    Do you know of a tool that does what logcheck does, but operating
    directly on the journal?  Logcheck is the only reason I still have
    rsyslog installed on the servers I maintain.

    There are some similar things:

    journalctl --grep

    https://github.com/cyberitsolutions/journalcheck

    https://github.com/trentbuck/journalcheck

    https://github.com/flyingcircusio/check_journal

    --
    bye,
    pabs

    https://wiki.debian.org/PaulWise

  • From Holger Levsen@21:1/5 to Paul Wise on Sat Nov 20 11:50:02 2021
    On Wed, Nov 17, 2021 at 10:57:11AM +0800, Paul Wise wrote:
    Do you know of a tool that does what logcheck does, but operating
    directly on the journal?  Logcheck is the only reason I still have
    rsyslog installed on the servers I maintain.

    same here, I use (and tune) logcheck on all systems I maintain and absolutely don't wanna miss what I regularly learn from it.

    There are some similar things:
    [...]

    none of them seem to be available in Debian and/or on par with what logcheck does. Happy to be proven wrong or outdated! :)


    --
    cheers,
    Holger

    ⢀⣴⠾⠻⢶⣦⠀
    ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
    ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
    ⠈⠳⣄

    Stop saying that we are all in the same boat.
    We’re all in the same storm. But we’re not all in the same boat.

  • From Trent W. Buck@21:1/5 to Paul Wise on Sun Nov 21 07:10:02 2021
    Paul Wise <pabs@debian.org> writes:

    On Tue, 2021-11-16 at 17:57 -0500, Zack Weinberg wrote:
    Do you know of a tool that does what logcheck does, but operating
    directly on the journal?  Logcheck is the only reason I still have
    rsyslog installed on the servers I maintain.

    https://github.com/cyberitsolutions/journalcheck

    ^ This is me.

    The main limitation is journald's choice of HTTPS pull instead of RELP push:

    https://github.com/cyberitsolutions/journalcheck/blob/master/debian/control#L20-L22

    journalcheck also includes a cleanup/rewrite of syslog-summary, and
    it accepts logcheck-database as-is.
    IIRC it also includes some tricks to get a 1000-fold speedup compared to
    stock logcheck (by working around some GNU grep performance tradeoffs).

    I haven't pursued getting it into Debian because
    what I have is Good Enough For Me™.

    If other people are interested I'm happy to just hand over the project.
    Or I can afford a couple of contact hours a month.


    PS: I don't read this ML regularly, so please CC me any followups.

  • From RL@21:1/5 to Holger Levsen on Tue Nov 23 21:50:01 2021
    Holger Levsen <holger@layer-acht.org> writes:

    On Wed, Nov 17, 2021 at 10:57:11AM +0800, Paul Wise wrote:
    Do you know of a tool that does what logcheck does, but operating
    directly on the journal?  Logcheck is the only reason I still have
    rsyslog installed on the servers I maintain.

    same here, I use (and tune) logcheck on all systems I maintain and absolutely don't wanna miss what I regularly learn from it.


    logcheck tries to check things in the journal using journalctl, so
    should continue to work without rsyslog.

    logcheck also needs some help - actually there seem to be many
    volunteers to help, but no-one who could merge any contributions. Please
    see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981446
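
What the thread is asking for, logcheck-style filtering applied directly to journal records, sketched as an added example that is not part of any post above and is not code from logcheck or journalcheck. It assumes the records come from `journalctl -o json`; the ignore rules, sample records, host name and function names are all constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Constructed ignore rules in Python regex syntax. Real logcheck-database
# rules are POSIX EREs (e.g. [[:alnum:]]) and would need translating first.
IGNORE_RULES = [
    r"^\w{3} [ :0-9]{11} [.\w-]+ CRON\[\d+\]: pam_unix\(cron:session\): session (opened|closed) for user \w+",
    r"^\w{3} [ :0-9]{11} [.\w-]+ systemd\[\d+\]: Started .+\.$",
]

def _entry(ident, pid, message):
    # Constructed journal record carrying only the fields used below.
    return json.dumps({"__REALTIME_TIMESTAMP": "1636843202000000", "_HOSTNAME": "web1",
                       "SYSLOG_IDENTIFIER": ident, "_PID": pid, "MESSAGE": message})

# Constructed stand-in for `journalctl -o json` output: one JSON object per line.
SAMPLE = "\n".join([
    _entry("CRON", "4021", "pam_unix(cron:session): session opened for user root by (uid=0)"),
    _entry("systemd", "1", "Started Daily apt download activities."),
    _entry("sshd", "812", "Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2"),
    _entry("backupd", "977", [100, 105, 115, 107, 32, 255, 32, 101, 114, 114, 111, 114]),
])

def message_text(value):
    """MESSAGE is a string, a list of byte values (non-UTF-8 data) or null (oversized field)."""
    if value is None:
        return "[message omitted from JSON export]"
    if isinstance(value, list):
        return bytes(value).decode("utf-8", errors="replace")
    return str(value)

def to_syslog_line(entry):
    """Render a journal record in the classic syslog layout the rules expect (UTC)."""
    ts = datetime.fromtimestamp(int(entry["__REALTIME_TIMESTAMP"]) // 1_000_000, tz=timezone.utc)
    ident = entry.get("SYSLOG_IDENTIFIER", "unknown")
    tag = f"{ident}[{entry['_PID']}]" if entry.get("_PID") else ident
    return f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S} {entry.get('_HOSTNAME', 'localhost')} {tag}: {message_text(entry.get('MESSAGE'))}"

def unmatched(json_lines, rules=IGNORE_RULES):
    """Return the syslog-style lines that no ignore rule matches, i.e. the report."""
    compiled = [re.compile(rule) for rule in rules]
    report = []
    for raw in json_lines.splitlines():
        if raw.strip():
            line = to_syslog_line(json.loads(raw))
            if not any(pattern.search(line) for pattern in compiled):
                report.append(line)
    return report
```

Of the four sample records, only the sshd failure and the record with a non-UTF-8 message survive filtering; the byte-array and null cases matter because a filter that assumes `MESSAGE` is always a string would crash or silently skip exactly the unusual records a reviewer wants to see.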
