In the good old days, prior to EL7 and systemd, the syslog daemon (and, later, the rsyslog daemon) would listen on the Unix socket /dev/log for messages sent from daemons. The syslog daemon would then decide which messages to record on the console, in local text files or on a remote syslog host.
With the introduction of systemd, an additional logging daemon has been added to the mix: journald. Journald provides much of the functionality of syslog (e.g. listening for messages from daemons), but it also adds the ability to receive:
- Structured system log messages via the native Journal API
- Standard output and standard error of system services
- Audit records, via the audit subsystem
Journald stores messages in structured, indexed binary journals rather than in text files. The authors argue that this makes it easier to query local log files. Whether that is true or not, one definite advantage of journald is that it can create per-user journal files. Many daemons, e.g. sshd, mate-session and gnome-keyring-daemon, log user-specific information to /dev/log; this was previously unavailable to the user because the syslog file was protected. Per-user journal files allow individual users to read log entries specific to their account.
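To make the structured-query point concrete, here is an added example (not part of the original post) that filters `journalctl -o json` output by field, much as `journalctl _UID=1000` would. The sample entries are constructed, and `field_text` and `query` are hypothetical helper names; the example also handles the export format's non-string cases, where a non-UTF-8 value arrives as a byte array and an oversized value as null.

```python
import json

# Constructed sample of `journalctl -o json` output: one JSON object per line.
SAMPLE = "\n".join([
    '{"_UID":"0","SYSLOG_IDENTIFIER":"sshd","PRIORITY":"6",'
    '"MESSAGE":"Accepted publickey for alice from 192.0.2.10 port 50022 ssh2"}',
    '{"_UID":"1000","SYSLOG_IDENTIFIER":"gnome-keyring-daemon","PRIORITY":"4",'
    '"MESSAGE":"keyring unlocked"}',
    # Non-UTF-8 payloads are exported as an array of byte values.
    '{"_UID":"1000","SYSLOG_IDENTIFIER":"mate-session","PRIORITY":"3",'
    '"MESSAGE":[119,97,114,110,58,32,255]}',
    # Oversized fields are exported as null.
    '{"_UID":"1001","SYSLOG_IDENTIFIER":"mate-session","PRIORITY":"6",'
    '"MESSAGE":null}',
])


def field_text(value):
    """Normalise one exported journal field value to text (or None)."""
    if value is None:
        return None
    if isinstance(value, str):
        return value
    if isinstance(value, list):
        if all(isinstance(v, int) for v in value):
            # Byte array: decode leniently so a bad byte cannot abort parsing.
            return bytes(value).decode("utf-8", errors="replace")
        # A field that occurs more than once is exported as a list of values.
        return "\n".join(field_text(v) or "" for v in value)
    return str(value)


def query(lines, **match):
    """Yield entries whose fields equal every FIELD=value pair in match."""
    for line in lines.splitlines():
        if not line.strip():
            continue
        entry = {k: field_text(v) for k, v in json.loads(line).items()}
        if all(entry.get(k) == v for k, v in match.items()):
            yield entry


if __name__ == "__main__":
    for e in query(SAMPLE, _UID="1000"):
        print(e["SYSLOG_IDENTIFIER"], "|", e["MESSAGE"])
```

All exported field values are strings, so matches compare against "1000" rather than the integer 1000.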
The syslog daemon has not disappeared from the scene. Journald does not yet have the ability to forward messages to remote logging hosts. Under EL7, journald listens on the /dev/log socket, stores messages in its journals and then passes the messages on to syslog for processing. Syslog can then forward messages to remote logging hosts.
For LCFG, we have decided to make minimal changes to the syslog configuration. Log messages will continue to be logged to text files in /var/lcfg/log, but this will be in addition to the journald journals. This gives us some time to become used to querying the journald journals. We may decide, in the future, to drop logging to text files.