當很多事情慢慢改變的時候, 我們就要慢慢學習適應了
現在新的 OS 慢慢採用 systemd, 之前的想法是 ~ 就是開機方式改變啦, 所以也沒有特別去注意
直到今天我的硬碟有些狀況, console 吐出來一些訊息, 我要回頭去查 log 的時候, 才發現......真的要花時間學習啦 ^^
-- 是的 /var/log/messages 不見了
-- 因為 systemd-logger 取代我可愛的 syslog-ng
可以從這邊看到
https://news.opensuse.org/category/distribution/sneak-peeks/
journald
journald is replacing the old logging technologies in openSUSE (at least for most common cases). The two most important commands you need to know:
- journalctl – the old “cat /var/log/messages”
- journalctl -f – the old “tail -f /var/log/messages”
但是大家心理的 OS 是...........字這麼小.......會去注意才有鬼
對.....現在要用 journalctl 來看 log 了
◢▆▅▄▃ 崩╰(〒皿〒)╯潰 ▃▄▅▆◣
我是還沒有試 grep 結合啦....
當下馬上衝到 /var/log 底下
# ls /var/log/
README apparmor btmp gdm krb5 pbl.log snapper.log wpa_supplicant.log zypper.log
YaST2 audit cups hp lastlog pk_backend_zypp speech-dispatcher wtmp zypper.log-20141118.xz
alternatives.log boot.log faillog journal ntp samba tuned zypp
是的, 懷念的 /var/log/messages 已經不見了
可愛的是如果你去看 /var/log/README
You are looking for the traditional text log files in /var/log, and
they are gone?
Here's an explanation on what's going on:
You are running a systemd-based OS where traditional syslog has been
replaced with the Journal. The journal stores the same (and more)
information as classic syslog. To make use of the journal and access
the collected log data simply invoke "journalctl", which will output
the logs in the identical text-based format the syslog files in
/var/log used to be. For further details, please refer to
journalctl(1).
Alternatively, consider installing one of the traditional syslog
implementations available for your distribution, which will generate
the classic log files for you. Syslog implementations such as
syslog-ng or rsyslog may be installed side-by-side with the journal
and will continue to function the way they always did.
Thank you!
Further reading:
man:journalctl(1)
man:systemd-journald.service(8)
man:journald.conf(5)
http://0pointer.de/blog/projects/the-journal.html
有沒有再被補一刀的感覺??
好啦, 你會想說, 有看到 /var/log/journal 目錄, 去看看吧
# ls -R /var/log/journal/
/var/log/journal/:
016627c3c4784cd4812d4b7e96a34226
/var/log/journal/016627c3c4784cd4812d4b7e96a34226:
system.journal user-1001.journal
system@00050a15226e65e2-6a2adaf099149b92.journal~ user-1001@00050a1568c14eb9-763573ad8f79750c.journal~
user-1000.journal user-484.journal
這個檔案也不是 text 文字格式
所以你如果嘗試去 貓它 ( cat )
你只會得到無情的亂碼
然後那個 log 大小是那一招 ? 8 M / 24M ?
# ls -hl /var/log/journal/016627c3c4784cd4812d4b7e96a34226/
total 97M
-rw-r----- 1 root systemd-journal 8.0M Dec 13 19:21 system.journal
-rw-r----- 1 root systemd-journal 24M Dec 13 16:52 system@00050a15226e65e2-6a2adaf099149b92.journal~
-rwxr-xr-x+ 1 root systemd-journal 8.0M Nov 15 14:21 user-1000.journal
-rw-r-----+ 1 root systemd-journal 8.0M Dec 13 19:19 user-1001.journal
-rw-r-----+ 1 root systemd-journal 40M Dec 13 17:12 user-1001@00050a1568c14eb9-763573ad8f79750c.journal~
-rw-r-----+ 1 root systemd-journal 8.0M Dec 13 18:45 user-484.journal
使用 file 指令來檢查格式
# file /var/log/journal/016627c3c4784cd4812d4b7e96a34226/user-1000.journal
/var/log/journal/016627c3c4784cd4812d4b7e96a34226/user-1000.journal: Journal file, offline, compressed
看來用 cat 指令無望 Orz....
# journalctl | grep error
Nov 15 20:31:34 linux-dxsi gdm-Xorg-:0[791]: (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
Nov 15 20:31:59 linux-dxsi org.a11y.Bus[1213]: g_dbus_connection_real_closed: Remote peer vanished witherror: Underlying GIOStream returned 0 bytes on an async read (g-io-error-quark, 0). Exiting.
Nov 15 20:31:59 linux-dxsi org.gtk.vfs.Daemon[1213]: g_dbus_connection_real_closed: Remote peer vanished with error: Underlying GIOStream returned 0 bytes on an async read (g-io-error-quark, 0). Exiting.
Nov 15 20:31:59 linux-dxsi ca.desrt.dconf[1213]: g_dbus_connection_real_closed: Remote peer vanished with error: Underlying GIOStream returned 0 bytes on an async read (g-io-error-quark, 0). Exiting.
Nov 15 20:31:59 linux-dxsi org.gtk.Private.GoaVolumeMonitor[1213]: g_dbus_connection_real_closed: Remote peer vanished with error: 取回郵件發生錯誤:連線被對方重設 (g-io-error-quark, 0). Exiting.
目前採取 journalctl 搭配 grep 來使用
但是還是不太習慣
但是暫時又不想移除 systemd-logger 然後重新安裝 syslog-ng (能稱多久呢?)
# zypper search systemd-
Loading repository data...
Reading installed packages...
S | Name | Summary | Type
--+-----------------------------------+-----------------------------------------------------+-----------
i | systemd-32bit | A System and Session Manager | package
i | systemd-bash-completion | Bash completion support for systemd | package
| systemd-devel | Development headers for systemd | package
| systemd-journal-gateway | Gateway for serving journal events over the netwo-> | package
i | systemd-logger | Journal only logging | package
先記下來吧
看來要找時間去 man 一下相關資訊了
# man journald.conf
# ls /etc/systemd/
bootchart.conf journald.conf logind.conf system system.conf user user.conf
~ fun in share