this post was submitted on 24 Aug 2024
35 points (94.9% liked)


If I'm using Arch or another minimal distro, is it a good idea to install a syslog daemon? Or can I go without?

[–] [email protected] 27 points 2 months ago (2 children)

You don't need syslog. Journald is good enough for most systems.

[–] [email protected] 5 points 2 months ago

I also don't like the duplication of logs in journald and syslog, so I always disable forwarding to syslog

[–] DeltaWingDragon 0 points 2 months ago (1 children)

What if I'm on another minimal distro, like Artix, that doesn't use systemd? Journald is a systemd thing, and I'm not going to install systemd on top of a perfectly good init system.

[–] [email protected] 3 points 2 months ago

Use whatever that distro recommends then - which as far as I can tell seems to be svlogd for runit based systems. Though you should consult their documentation and make your own decision on which logger to use.

[–] [email protected] 8 points 2 months ago

Whatever floats your boat, but if something goes wrong you don't really have anything to figure out what's going on.

[–] [email protected] 3 points 2 months ago (1 children)

It’s often more useful for minimal installations to keep the system log daemon running so that you can see when things happen and stop them from happening.

Especially now that even very low power embedded systems run multiple cpu cores at multi-ghz clocks, interface with gigabytes of memory, hundreds of gigabytes of attached storage and communicate through multi-gigabit network links, lots of stuff can be happening that is unwanted or simply unnecessary without any external indications.

What are you trying to accomplish by not running a syslog daemon?

[–] DeltaWingDragon 0 points 2 months ago (1 children)

Not really trying to accomplish much, just trying to save a few seconds in the manual installation process.

[–] [email protected] 2 points 2 months ago (1 children)

If it’s a race from boot to login prompt then making sure the installer never has to dial out and retrieve packages would be a bigger savings. Making sure the installer is on the fastest bus possible would be huge too. I think one nvme installing to another one would be fastest (assuming enough lanes).

Don’t take the wheelie bars off your dragster to save weight, wheelies are slow.

[–] DeltaWingDragon 1 points 2 months ago

Upvoted solely for the last line

[–] [email protected] 3 points 2 months ago (1 children)

wish I knew how to use the journal, seems like there isn't any good way to just search the previous session's logs without a mountain of fuss or having to guess file names

[–] [email protected] 7 points 2 months ago (2 children)

Check that you actually have persistent storage enabled. (See man journald.conf and search for Storage)

Read up on the numerous parameters to journalctl. (man journalctl)

journalctl --boot -2 will show logs from previous boot.

journalctl --since "-2 weeks" --unit=sshd shows the last two weeks' worth of sshd logs.

[–] [email protected] 3 points 2 months ago (1 children)

I think there's a minor mistake in your command. journalctl --boot -1 is the previous boot. The counting starts at --boot 0 for the current one.

[–] [email protected] 2 points 2 months ago

You're right, of course.
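
An added example, not written by anyone in this thread: a shell check for the persistent-storage point raised above, deciding from the Storage= setting whether journald keeps logs across reboots. The function names are hypothetical, and as a simplifying assumption only the files passed in are read, with the last uncommented Storage= line winning (real systemd also merges drop-ins from other directories).

```shell
#!/bin/sh
# Added example: will journald keep logs from earlier boots?
# Assumption: only the files given as arguments are read, in order,
# and the last uncommented Storage= line wins.

# journal_storage_setting FILE...
# Prints the effective Storage= value, or "auto" (the documented default).
journal_storage_setting() {
    value=auto
    for f in "$@"; do
        if [ -r "$f" ]; then
            # Commented lines ("#Storage=...") do not match the pattern.
            found=$(sed -n 's/^[[:space:]]*Storage[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$f" | tail -n 1)
            if [ -n "$found" ]; then
                value=$found
            fi
        fi
    done
    printf '%s\n' "$value"
}

# journal_persists SETTING PERSISTENT_DIR
# Returns 0 if logs survive a reboot under that setting.
journal_persists() {
    case "$1" in
        persistent) return 0 ;;     # journald creates the directory itself
        auto)       [ -d "$2" ] ;;  # persistent only if the directory exists
        *)          return 1 ;;     # volatile (RAM only) or none
    esac
}

# Stand-alone use against the usual locations on a systemd machine.
setting=$(journal_storage_setting /etc/systemd/journald.conf \
                                  /etc/systemd/journald.conf.d/*.conf)
if journal_persists "$setting" /var/log/journal; then
    echo "Storage=$setting: logs from earlier boots are kept"
else
    echo "Storage=$setting: logs are lost at reboot"
fi
```

With Storage=auto and no /var/log/journal directory, the journal lives under /run and journalctl --boot -1 has nothing to show.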

[–] DeltaWingDragon -1 points 2 months ago (1 children)

What if I'm on another minimal distro, like Artix, that doesn't use systemd? Journald is a systemd thing, and I'm not going to install systemd on top of a perfectly good init system.

[–] [email protected] 2 points 2 months ago

If you adopt systemd then the question is easy to answer: no, journald does everything you need.

Without adopting systemd... well. Are you evaluating going without any log handling at all and maybe just dumping logs ephemerally to tty0? DIYing all log stuff like your init scripts DIY things?

Personally if I had to go without journald I'd probably go back to using syslog-ng. But I guess there's an argument for shipping straight into something like opentelemetry-collector if you're willing to put in a lot of work.