Hi all, sos report includes the last X Mo of logs, sometimes filtered, sometimes not right now it's doing the equivalent of "journalctl | tail -cXm", which reads / format all logs, which can be extremely slow The fastest way I found so far is: journalctl --reverse | head -c Xm | tac This still has the drawback of having all logs in memory, or if using a temporary file, needing 2*X of disk space. I've tried to play with journalctl cursor to find the start and then output starting from the cursor 1) this doesn't work / CURSOR is only created when using -n journalctl --reverse --cursor-file=CURSOR | head -c Xm > /dev/null 2) this ends up being ~2 times slower than just using reverse | head | tac ``` #!/bin/bash cursor=$(mktemp cursor.XXXXXXXXXX) logsize=0 while [ "$logsize" -lt 104857600 ] do prevcursor="$(<$cursor)" ((logsize+=$(journalctl --reverse --cursor-file=$cursor -n 1000 | wc -c))) [ "$prevcursor" == "$(<$cursor)" ] && break done journalctl --cursor-file=$cursor rm -f cursor ``` Anyone have other ideas to do fast exports without having all logs in memory or twice on disk ? sos report ticket: https://github.com/sosreport/sos/issues/3615
Fastest way to dump last X Mo of logs from the journal ?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Fastest way to dump last X Mo of logs from the journal ?
- From: Etienne Champetier <champetier.etienne@xxxxxxxxx>
- Date: Wed, 24 Apr 2024 14:48:56 -0400
- Follow-Ups:
- Re: Fastest way to dump last X Mo of logs from the journal ?
- From: Lennart Poettering
- Re: Fastest way to dump last X Mo of logs from the journal ?
- From: Barry Scott
- Re: Fastest way to dump last X Mo of logs from the journal ?
- Prev by Date: Re: soft-reboot and surviving it
- Next by Date: Re: Fastest way to dump last X Mo of logs from the journal ?
- Previous by thread: Re: Better systemd naming for Azure/MANA nic
- Next by thread: Re: Fastest way to dump last X Mo of logs from the journal ?
- Index(es):
 |