On 30 Nov 2024 08:53 -0500, from g...@wooledge.org (Greg Wooledge):
>> # awk '{ if($5 ~ "^postfix[[]") { print } }' </var/log/messages
>
> That's a rather verbose way of writing that awk command.
>
> awk '$5 ~ "^postfix[[]"' /var/log/messages
>
> Also, I'm quite new to postfix, but this pattern doesn't appear to match
> any lines in my log files. First of all, the lines in question seem to
> be in /var/log/syslog on Debian 10, not in messages. Second, they all
> look like:
>
> Nov 30 08:43:08 remote postfix/smtpd[5243]: connect from
> bendel.debian.org[82.195.75.100]
>
> and so on, with postfix followed by a slash, not a square bracket.
So let me specifically highlight the "you might use something like"
and "to roughly the same effect" relating to that example in my
earlier post. What I wrote was not intended as a ready-to-use
exact-equivalence one-or-the-other, but as an _illustrative example_.
There are other differences between the two as well; one example of
such a difference is how they handle log rotation, which is largely a
non-issue with systemd + journalctl for the duration of log retention
but requires particular care with *syslogd especially if log rotation
also compresses old logs (as is typical), whereas passing journalctl
--no-pager --all might not be typical but replicates the style of
output from the awk example when run from an interactive terminal.
--
Michael Kjörling
🔗 https://michael.kjorling.se
