I’m working on a 13.2 x64 install, it’s up and running, and overall, it’s AWESOME! I do have a couple of issues that I’m working through, but I have one that I’ve chased for a while and I need some help with it.
The default install for 13.2 seems to install journalctl instead of syslog-ng. This is fine, there seem to be some really nice features in journalctl.
HOWEVER, I like to get my daily logwatch email, I can’t find a version of logwatch that knows about journalctl. So, I thought I’d simply install syslog-ng and have journald forward messages to syslog. This doesn’t work because the yast2 SW installer insists on having either journald/journalctl or syslog, but not both.
So…where can I find a logwatch that works well with journald/journalctl, or how can I have both journald/journalctl AND syslog installed? (I know that there are people that don’t like journald/journalctl, but I’d prefer to keep it at this point. I just want logwatch to work as well!)
It should work fine to have both. I do have rsyslog and systemd’s on-disk journal on one of my systems.
What conflict do you get?
If it’s about systemd-logger, remove that!
You do not need it, the only purpose of this package is to prevent other syslog packages sneaking in (via Recommends e.g.) when you only want to use the journal.
The package is completely empty, it just conflicts with any other syslog provider.
See the package’s description:
# zypper info systemd-logger
Loading repository data...
Reading installed packages...
Information for package systemd-logger:
---------------------------------------
Repository: openSUSE-13.2-Oss
Name: systemd-logger
Version: 210-25.5.4
Arch: x86_64
Vendor: openSUSE
Installed: No
Status: not installed
Installed Size: 1.6 KiB
Summary: Journal only logging
Description:
This package marks the installation to not use syslog but only the journal.
Yes.
If you wanted to disable the systemd journal, you’d just have to delete the directory /var/log/journal/ (I do understand that you don’t want to do that, I just wanted to mention it).
Btw, what I wrote before was not totally true: systemd-logger is not completely empty. It contains that directory (so that the journal can be stored there, you do not need to have the package installed though to have the directory… ), and a /var/log/README containing this:
You are looking for the traditional text log files in /var/log, and
they are gone?
Here’s an explanation on what’s going on:
You are running a systemd-based OS where traditional syslog has been
replaced with the Journal. The journal stores the same (and more)
information as classic syslog. To make use of the journal and access
the collected log data simply invoke “journalctl”, which will output
the logs in the identical text-based format the syslog files in
/var/log used to be. For further details, please refer to
journalctl(1).
Alternatively, consider installing one of the traditional syslog
implementations available for your distribution, which will generate
the classic log files for you. Syslog implementations such as
syslog-ng or rsyslog may be installed side-by-side with the journal
and will continue to function the way they always did.
Thank you!
Further reading:
man:journalctl(1)
man:systemd-journald.service(8)
man:journald.conf(5) Introducing the Journal
And there’s also a sysvinit script that does nothing but provide “syslog”, so that other scripts/services that depend on syslog can be started. This is of course not needed if you actually have another syslog installed.
Just to close off this thread, I uninstalled systemd-logger, installed syslog-ng, and everything is happy now. Yes, there is some duplicate logfile data, but not a big deal on this system.
), and a /var/log/README containing this: