On Mon, Feb 9, 2015 at 5:06 AM, Matthias Hanft <m...@hanft.de> wrote: > > And (from what I have heard) if you use systemd instead of > openrc, there are no syslog files at all - you have to export > them (from some binary database) manually to some human- > readable format. But I don't know much about that - never > used systemd on any Gentoo Linux yet.
You don't have to export them from anything unless you need their content in a text file. If you just run "journalctl" that is the equivalent of typing cat /var/log/messages. If you do want to parse them with an external tool then you get your choice of several text formats and json. And yes, you can also run syslog, though I never really got the point of that. The value of the journal is that you capture full metadata for your log entries and you can just query it vs having to parse undelimited text files. Heck, it seems like half the enterprise monitoring tools start out by grabbing that log file that has discarded most of the context and then putting it in a database and attempting to re-create it all. -- Rich
