On Tue, Feb 18, 2014 at 3:54 AM, J. Roeleveld <jo...@antarean.org> wrote:
> On Sun, February 16, 2014 22:16, Canek Peláez Valdés wrote:
>> On Sun, Feb 16, 2014 at 2:58 PM, Volker Armin Hemmann
>> <volkerar...@googlemail.com> wrote:
>>> oh? I can pipe that output into cat or any any daemon I like? Doesn't
>>> look like so.
>>
>> But it does, you can "cat" with journalctl; it's one of its output
>> options:
>>
>> -o, --output=
>> cat
>> generates a very terse output only showing the actual
>> message of each journal entry with no meta data, not even a timestamp.
>
> As I do not have systemd installed on any machine, I can't check the
> man-pages.
They are online [1].
> But, if that is the only method to get parseable text from journalctl,
> then that is less then useless.
I only put that option as tongue-in-cheek, since someone complained
about not being able to "cat" the logs. Many more options are
available.
> I would expect an export option providing the same detail level as I
> currently find in /var/log/messages.
> A timestamp is a minimum required for logging system output.
Everybody agrees with that; that's why the journal supports a lot of
formatting options. From [2]:
-o, --output=
Controls the formatting of the journal entries that are
shown. Takes one of the following options:
short
is the default and generates an output that is mostly
identical to the formatting of classic syslog files, showing one line
per journal entry.
short-iso
is very similar, but shows ISO 8601 wallclock timestamps.
short-precise
is very similar, but shows timestamps with full
microsecond precision.
short-monotonic
is very similar, but shows monotonic timestamps instead
of wallclock timestamps.
verbose
shows the full-structured entry items with all fields.
export
serializes the journal into a binary (but mostly
text-based) stream suitable for backups and network transfer (see
Journal Export Format[1] for more information).
json
formats entries as JSON data structures, one per line
(see Journal JSON Format[2] for more information).
json-pretty
formats entries as JSON data structures, but formats
them in multiple lines in order to make them more readable for humans.
json-sse
formats entries as JSON data structures, but wraps them
in a format suitable for Server-Sent Events[3].
cat
generates a very terse output only showing the actual
message of each journal entry with no meta data, not even a timestamp.
So you can have the default; journalctl -b | head:
-- Logs begin at Tue 2013-09-24 13:39:03 CDT, end at Tue 2014-02-18
08:28:44 CST. --
Feb 10 09:50:37 centurion systemd-journal[371]: Runtime journal is
using 712.0K (max 198.0M, leaving 297.1M of free 1.9G, current limit
198.0M).
Feb 10 09:50:37 centurion systemd-journal[371]: Runtime journal is
using 716.0K (max 198.0M, leaving 297.1M of free 1.9G, current limit
198.0M).
Feb 10 09:50:37 centurion systemd-journal[371]: Journal started
Feb 10 09:50:37 centurion systemd-modules-load[370]: Inserted module 'fuse'
Feb 10 09:50:37 centurion systemd[1]: Starting Swap.
Feb 10 09:50:37 centurion systemd[1]: Reached target Swap.
Feb 10 09:50:37 centurion systemd-modules-load[370]: Inserted module 'kvm_intel'
Feb 10 09:50:37 centurion systemd[1]: Starting Local File Systems.
Feb 10 09:50:37 centurion systemd-journal[371]: Missed 107 kernel messages
(The -b option shows the logs from the current boot; you can get the
previous one with -b -1, the one before with -b -2, etc.)
You can have short; journalctl -b -o short | head, which for the first
lines of my current boot look the same as the default. You can have
ISO timestamps; journalctl -b -o short-iso:
-- Logs begin at Tue 2013-09-24 13:39:03 CDT, end at Tue 2014-02-18
08:31:54 CST. --
2014-02-10T09:50:37-0600 centurion systemd-journal[371]: Runtime
journal is using 712.0K (max 198.0M, leaving 297.1M of free 1.9G,
current limit 198.0M).
2014-02-10T09:50:37-0600 centurion systemd-journal[371]: Runtime
journal is using 716.0K (max 198.0M, leaving 297.1M of free 1.9G,
current limit 198.0M).
2014-02-10T09:50:37-0600 centurion systemd-journal[371]: Journal started
2014-02-10T09:50:37-0600 centurion systemd-modules-load[370]: Inserted
module 'fuse'
2014-02-10T09:50:37-0600 centurion systemd[1]: Starting Swap.
2014-02-10T09:50:37-0600 centurion systemd[1]: Reached target Swap.
2014-02-10T09:50:37-0600 centurion systemd-modules-load[370]: Inserted
module 'kvm_intel'
2014-02-10T09:50:37-0600 centurion systemd[1]: Starting Local File Systems.
2014-02-10T09:50:37-0600 centurion systemd-journal[371]: Missed 107
kernel messages
You can have nanosecond precision; journalctl -b -o short-precise | head:
-- Logs begin at Tue 2013-09-24 13:39:03 CDT, end at Tue 2014-02-18
08:31:54 CST. --
Feb 10 09:50:37.689600 centurion systemd-journal[371]: Runtime journal
is using 712.0K (max 198.0M, leaving 297.1M of free 1.9G, current
limit 198.0M).
Feb 10 09:50:37.689910 centurion systemd-journal[371]: Runtime journal
is using 716.0K (max 198.0M, leaving 297.1M of free 1.9G, current
limit 198.0M).
Feb 10 09:50:37.690139 centurion systemd-journal[371]: Journal started
Feb 10 09:50:37.690184 centurion systemd-modules-load[370]: Inserted
module 'fuse'
Feb 10 09:50:37.689866 centurion systemd[1]: Starting Swap.
Feb 10 09:50:37.689902 centurion systemd[1]: Reached target Swap.
Feb 10 09:50:37.689982 centurion systemd-modules-load[370]: Inserted
module 'kvm_intel'
Feb 10 09:50:37.690419 centurion systemd[1]: Starting Local File Systems.
Feb 10 09:50:37.692022 centurion systemd-journal[371]: Missed 107
kernel messages
You can have monotonic timestamps; journalctl -b -o short-monotonic | head:
-- Logs begin at Tue 2013-09-24 13:39:03 CDT, end at Tue 2014-02-18
08:32:44 CST. --
[ 0.568295] centurion systemd-journal[371]: Runtime journal is
using 712.0K (max 198.0M, leaving 297.1M of free 1.9G, current limit
198.0M).
[ 0.568605] centurion systemd-journal[371]: Runtime journal is
using 716.0K (max 198.0M, leaving 297.1M of free 1.9G, current limit
198.0M).
[ 0.568834] centurion systemd-journal[371]: Journal started
[ 0.569202] centurion systemd-modules-load[370]: Inserted module 'fuse'
[ 0.569530] centurion systemd[1]: Starting Swap.
[ 0.569823] centurion systemd[1]: Reached target Swap.
[ 0.570157] centurion systemd-modules-load[370]: Inserted module 'kvm_intel'
[ 0.570452] centurion systemd[1]: Starting Local File Systems.
[ 0.570718] centurion systemd-journal[371]: Missed 107 kernel messages
You can get it formatted with JSON; journalctl -b -o json | head -n 3:
{ "__CURSOR" :
"s=12a9a4b1107f4a1e8219c6f392b59998;i=577;b=85b3bd9a292b40da80a73aac41f06840;m=8abe7;t=4f20f4d08b300;x=ac5d8ecfe215e10f",
"__REALTIME_TIMESTAMP" : "1392047437689600", "__MONOTONIC_TIMESTAMP" :
"568295", "_BOOT_ID" : "85b3bd9a292b40da80a73aac41f06840", "PRIORITY"
: "6", "_TRANSPORT" : "driver", "MESSAGE" : "Runtime journal is using
712.0K (max 198.0M, leaving 297.1M of free 1.9G, current limit
198.0M).", "MESSAGE_ID" : "ec387f577b844b8fa948f33cad9a75e6", "_PID" :
"371", "_UID" : "0", "_GID" : "0", "_COMM" : "systemd-journal", "_EXE"
: "/usr/lib64/systemd/systemd-journald", "_CMDLINE" :
"/usr/lib/systemd/systemd-journald", "_CAP_EFFECTIVE" : "4402800cf",
"_SYSTEMD_CGROUP" : "/system.slice/systemd-journald.service",
"_SYSTEMD_UNIT" : "systemd-journald.service", "_SYSTEMD_SLICE" :
"system.slice", "_MACHINE_ID" : "386846e50fae217775d8d80045a18054",
"_HOSTNAME" : "centurion" }
{ "__CURSOR" :
"s=12a9a4b1107f4a1e8219c6f392b59998;i=578;b=85b3bd9a292b40da80a73aac41f06840;m=8ad1d;t=4f20f4d08b436;x=5d13a456b0fc099a",
"__REALTIME_TIMESTAMP" : "1392047437689910", "__MONOTONIC_TIMESTAMP" :
"568605", "_BOOT_ID" : "85b3bd9a292b40da80a73aac41f06840", "PRIORITY"
: "6", "_TRANSPORT" : "driver", "MESSAGE_ID" :
"ec387f577b844b8fa948f33cad9a75e6", "_PID" : "371", "_UID" : "0",
"_GID" : "0", "_COMM" : "systemd-journal", "_EXE" :
"/usr/lib64/systemd/systemd-journald", "_CMDLINE" :
"/usr/lib/systemd/systemd-journald", "_CAP_EFFECTIVE" : "4402800cf",
"_SYSTEMD_CGROUP" : "/system.slice/systemd-journald.service",
"_SYSTEMD_UNIT" : "systemd-journald.service", "_SYSTEMD_SLICE" :
"system.slice", "_MACHINE_ID" : "386846e50fae217775d8d80045a18054",
"_HOSTNAME" : "centurion", "MESSAGE" : "Runtime journal is using
716.0K (max 198.0M, leaving 297.1M of free 1.9G, current limit
198.0M)." }
{ "__CURSOR" :
"s=12a9a4b1107f4a1e8219c6f392b59998;i=579;b=85b3bd9a292b40da80a73aac41f06840;m=8ae02;t=4f20f4d08b51b;x=656aa8fa8583d9dd",
"__REALTIME_TIMESTAMP" : "1392047437690139", "__MONOTONIC_TIMESTAMP" :
"568834", "_BOOT_ID" : "85b3bd9a292b40da80a73aac41f06840", "PRIORITY"
: "6", "_TRANSPORT" : "driver", "_PID" : "371", "_UID" : "0", "_GID" :
"0", "_COMM" : "systemd-journal", "_EXE" :
"/usr/lib64/systemd/systemd-journald", "_CMDLINE" :
"/usr/lib/systemd/systemd-journald", "_CAP_EFFECTIVE" : "4402800cf",
"_SYSTEMD_CGROUP" : "/system.slice/systemd-journald.service",
"_SYSTEMD_UNIT" : "systemd-journald.service", "_SYSTEMD_SLICE" :
"system.slice", "_MACHINE_ID" : "386846e50fae217775d8d80045a18054",
"_HOSTNAME" : "centurion", "MESSAGE" : "Journal started", "MESSAGE_ID"
: "f77379a8490b408bbe5f6940505a777b" }
Or pretty JSON; journalctl -b -o json-pretty | head -n 22:
{
"__CURSOR" :
"s=12a9a4b1107f4a1e8219c6f392b59998;i=577;b=85b3bd9a292b40da80a73aac41f06840;m=8abe7;t=4f20f4d08b300;x=ac5d8ecfe215e10f",
"__REALTIME_TIMESTAMP" : "1392047437689600",
"__MONOTONIC_TIMESTAMP" : "568295",
"_BOOT_ID" : "85b3bd9a292b40da80a73aac41f06840",
"PRIORITY" : "6",
"_TRANSPORT" : "driver",
"MESSAGE" : "Runtime journal is using 712.0K (max 198.0M,
leaving 297.1M of free 1.9G, current limit 198.0M).",
"MESSAGE_ID" : "ec387f577b844b8fa948f33cad9a75e6",
"_PID" : "371",
"_UID" : "0",
"_GID" : "0",
"_COMM" : "systemd-journal",
"_EXE" : "/usr/lib64/systemd/systemd-journald",
"_CMDLINE" : "/usr/lib/systemd/systemd-journald",
"_CAP_EFFECTIVE" : "4402800cf",
"_SYSTEMD_CGROUP" : "/system.slice/systemd-journald.service",
"_SYSTEMD_UNIT" : "systemd-journald.service",
"_SYSTEMD_SLICE" : "system.slice",
"_MACHINE_ID" : "386846e50fae217775d8d80045a18054",
"_HOSTNAME" : "centurion"
}
See if you can easily do that with rsyslog or syslog-ng.
Regards.
[1] http://www.freedesktop.org/software/systemd/man/
[2] http://www.freedesktop.org/software/systemd/man/journalctl.html
Regards.
--
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
