On Wed, 17.07.13 15:04, M A Young (m.a.young@xxxxxxxxxxxx) wrote: > On Wed, 17 Jul 2013, Lennart Poettering wrote: > > >"cat /var/log/messages" becomes "journalctl" > >"tail -f /var/log/messages" becomes "journalctl -f" > >"tail -n100 /var/log/messages" becomes "journalctl -n100" > >"grep foobar /var/log/messages" becomes "journalctl | grep foobar" > > > >This isn't complex. You can grep/sed/awk as much as you want. You just > >do it over the output of journalctl rather than teh file. That's not > >that big a difference. > > One thing you have missed is how you edit the log file. There may be > cases where you want to strip out log entries, eg. when a process > has gone wild and swamped the useful messages with useless ones and > you want to keep the useful ones and throw away the useless ones. Well, with stuff like FSS we actually provide you with extra features to track log file manipulations. We try to make it harder to manipulate log files and easier to detect manipulated log files. We also provide you with tools to effectively counter misbehaving log clients: by default there's a per-service rate limiting logic, that is slightly modulated by the available disk space (the more space is available the later we start rate limiting log output) and by the log level (to ensure that errors still are captured at a point where debug messages are already dropped because of a flood). Together this should be a pretty effective way to counter log floods automatically without admin intervention, in a way that one misbehaving service cannot cause loss of messages of other services, and in a way that the important stuff still gets through if there's a flood. Lennart -- Lennart Poettering - Red Hat, Inc. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
