Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. RSyslog>
  3. users
rsyslog without any journald in sight
rsyslog at lists
Apr 20, 2022, 2:10 PM
Post #1 of 2 (241 views)
Permalink
Hello.

I searched for a few hours and did not find any solid technical (not
belief based) in having systemd's journald in the logging path. So I
decided to remove it and use only rsyslog. I appreciate the effort
made by the rsyslog team to support journald, but simply did not find
any reason for having it as a process and moreover in the path of log
messages.

It works so far, and I'd like to have advice - if any - about the
configuration.

This is for the current archlinux, rsyslog 8.22 is built from original
sources. It goes like this :

1) journald is stopped, disabled and masked. Not running at all.

2) rsyslog.service is enabled and started by a systemd service as such :

ExecStart=/usr/local/sbin/rsyslogd -n -iNONE

3) The rsyslog configuration is for now the most simple that can be :

module(load="imuxsock"
SysSock.Name="/dev/log")

*.*;auth,authpriv.none -/var/log/syslog

4) Reboot


I have a question about the formulation of the module command. Is that
the right way of loading a module. It works, but is it right ?

Also, so far tests have shown that /dev/log must be explicit. If not,
no device will be created.

Thanks for any input.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: rsyslog without any journald in sight [ In reply to ]
rsyslog at lists
Apr 20, 2022, 2:30 PM
Post #2 of 2 (241 views)
Permalink
yes, the module() statement is the best way to load a module (there is an
earlier way to do it, but if you have to give it any parameters, use module() )

can you please document how you disabled journald? every time I've asked the
systemd folks how to do so, I've been told that it's a mandatory feature, that
systemd won't work without it and the entire system will fail.0

I agree that if you have a real logging solution in place (like rsyslog),
journald is more a bottleneck than a help

you should not need to specify syssock.name according to the docs, but the
version of rsyslog you are using is 5+ years old, so the defaults may have
changed, or the distro may have changed the defaults since they expect you to
use journald (8.40 was replaced with 8.1901 when we changed to date-based
version numbers, so 8.22 is _very_ old)

rsyslog does async writes by default (you have to do a lot of work to disable
them), so the - before the filename is actually meaningless, supported for
backwards compatibility with configs, but meaningless.

On Wed, 20 Apr 2022, jonetsu via rsyslog wrote:

> Date: Wed, 20 Apr 2022 17:10:52 -0400
> From: jonetsu via rsyslog <rsyslog@lists.adiscon.com>
> To: rsyslog@lists.adiscon.com
> Cc: jonetsu <jonetsu@teksavvy.com>
> Subject: [rsyslog] rsyslog without any journald in sight
>
> Hello.
>
> I searched for a few hours and did not find any solid technical (not
> belief based) in having systemd's journald in the logging path. So I
> decided to remove it and use only rsyslog. I appreciate the effort
> made by the rsyslog team to support journald, but simply did not find
> any reason for having it as a process and moreover in the path of log
> messages.
>
> It works so far, and I'd like to have advice - if any - about the
> configuration.
>
> This is for the current archlinux, rsyslog 8.22 is built from original
> sources. It goes like this :
>
> 1) journald is stopped, disabled and masked. Not running at all.
>
> 2) rsyslog.service is enabled and started by a systemd service as such :
>
> ExecStart=/usr/local/sbin/rsyslogd -n -iNONE
>
> 3) The rsyslog configuration is for now the most simple that can be :
>
> module(load="imuxsock"
> SysSock.Name="/dev/log")
>
> *.*;auth,authpriv.none -/var/log/syslog
>
> 4) Reboot
>
>
> I have a question about the formulation of the module command. Is that
> the right way of loading a module. It works, but is it right ?
>
> Also, so far tests have shown that /dev/log must be explicit. If not,
> no device will be created.
>
> Thanks for any input.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal