On Wed, 17 Jul 2013, John.Florian@xxxxxxxx wrote:
> From: m.a.young@xxxxxxxxxxxx > > On Wed, 17 Jul 2013, Lennart Poettering wrote: > > > "cat /var/log/messages" becomes "journalctl" > > "tail -f /var/log/messages" becomes "journalctl -f" > > "tail -n100 /var/log/messages" becomes "journalctl -n100" > > "grep foobar /var/log/messages" becomes "journalctl | grep foobar" > > > > This isn't complex. You can grep/sed/awk as much as you want. You just > > do it over the output of journalctl rather than teh file. That's not > > that big a difference. > > One thing you have missed is how you edit the log file. There may be cases > where you want to strip out log entries, eg. when a process has gone wild > and swamped the useful messages with useless ones and you want to keep the > useful ones and throw away the useless ones. I used to do something like this with vim ":g/NOISE/d" until I could see the detail I wanted when the alternations for grep would have been tremendously long. With journalctl's built-in filtering capabilities I'm glad I don't have to do that anymore; it's way more concise. However, all use cases differ, so if you must, you can: "journalctl | vim -". YMMV with other editors though.
That isn't a complete solution though because you may want to remove the bad logs completely to free up the space they are taking up. Of course you may have already lost all the interesting logs by this point with journald anyway because they have been overwritten.
That leads me to ask another question, how well does journald cope with keeping certain logs long term? The classic syslog way of doing this is to send them to a separate file, then use logrotate to compress them once they have been rotated. Is there any equivalent with journald? Compressing may be necessary due to the quantity of logs required.
Michael Young
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
