On Mon, Jul 15, 2013 at 01:31:44PM +0200, Lennart Poettering wrote: > On Mon, 15.07.13 12:44, Jan Synacek (jsynacek@xxxxxxxxxx) wrote: > > > On 07/15/2013 11:22 AM, Frank Murphy wrote: > > No, logwatch works only with traditional text-based logs. There is this RFE > > filed [1], but that will probably not happen as it would require a total > > rewrite. It would make more sense to write a new logwatch-like utility from > > scratch, that handles only the journal. It's somewhere on my todo list, but has > > quite a low priority:( > > > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=864872 > > Such a change should be relatively easy. "journalctl" provides you with > an output that is pretty much identical to what /var/log/messages > contains. Hence, you can replace this: > > f = fopen("/var/log/messages", "r"); > > by this: > > f = popen("journalctl", "r"); > > And everything should just continue to work, the stream you read from > that is pretty much identical. At least for logcheck this won't work, because needs to get access to only the log entries that changed since the last run. For this it uses logtail whick keeps track for the inode and line offset on each invocation. Therefore it seems like it would somehow like this: previous_run = "$(cat last_run.txt)" current_run = "$(date --iso-8601=seconds --date '1 second ago' | head -c 19 | tr "T" " ") $log_data = $("journalctl --since $last_run --until $current_run) echo "$current_run" > last_run.txt But there seems to be the problem that journalctl does not support timezones/UTC time for since/until according to journalctl(1), therefore there does not seem to be a safe way to specify since/until that will even work when the current local UTC offset changes (daylight saving time). Also it is sad that journalctl does not directly accept ISO 8601 time specifications (I can open a bug if there is a changes it will be implemented). Regards Till -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
