If I’m using Arch or another minimal distro, is it a good idea to install a syslog daemon? Or can I go without?

  • Mactan@lemmy.ml
    3·
    1 个月前

    wish I knew how to use the journal, seems like there isn’t any good way to just search the previous session’s logs without a mountain of fuss or having to guess file names

    • MummifiedClient5000@feddit.dkEnglish
      8·
      1 个月前

      Check that you actually have persistent storage enabled. (See man journald.conf and search for Storage)

      Read up on the numerous parameters to journalctl. (man journalctl)

      journalctl --boot -2 will show logs from previous boot.

      journalctl --since "-2 weeks" --unit=sshd last two weeks worth of sshd logs.

      • patatahooligan@lemmy.world
        3·
        1 个月前

        I think there’s a minor mistake in your command. jounalctl --boot -1 is the previous boot. The counting starts at --boot 0 for the current one.

      • DeltaWingDragon@sh.itjust.worksOP
        12·
        1 个月前

        What if I’m on another minimal distro, like Artix, that doesn’t use systemd? Journald is a systemd thing, and I’m not going to install systemd on top of a perfectly good init system.

        • eyeon@lemmy.world
          2·
          1 个月前

          If adopt systems then the question is easy to answer: no, journald does everything you need.

          without adopting systemd… well. Are you evaluating going without any log handling at all and maybe just dumping logs ephemerally to tty0? DIYing all log stuff like your init scripts DIY things?

          Personally if I had to go without journald I’d probably go back to using syslog-ng. But I guess there’s an argument for shipping straight into something like opentelemetry-collector if you’re willing to put in a lot of work.