openSUSE blog syslogng vs journald

tsu2 · April 30, 2018, 7:32pm

A link to this blog just popped up in the openSUSE news feed,
Thought that the topic is important enough to repost the link here.

https://news.opensuse.org/2018/04/30/syslog-ng-vs-systemds-journald/

For those who aren’t aware of these two logging methods, the journal is the current standard method of storing and reading system (and some other) log files, essential to improving how your system runs and troubleshooting errors. In many ways, it’s a big improvement over what existed before which were individual syslog text files which requires search and parsing skills plus didn’t always have the information you needed.

As the blog describes,
This is fine if you only want to look at logs on your local machine, but this breaks down when you want to look for something across several machines in your network. Today, the systemd journal not only is mostly limited to reading local logs, as a newer technology many older at times very powerful apps don’t support collecting data directly from the journal.

To provide that traditional versatility, enter syslog-ng.
Enhanced, syslog-ng not only exports the journal log data into the older, traditional format for use with a multitude of tools, it’s also by itself a powerful tool for parsing what you want from the data.

The blog is short, and probably a worthwhile read no matter what level openSUSE User you may be.

IMO,
TSU

another_roadrunner · April 30, 2018, 7:57pm

zypper in syslog-ng
Retrieving repository 'Packman Repository' metadata .........................[done]
Building repository 'Packman Repository' cache ..............................[done]
Loading repository data...
Reading installed packages...
Resolving package dependencies...

Problem: systemd-logger-237-4.1.x86_64 conflicts with namespace:otherproviders(sysl
og) provided by syslog-ng-3.14.1-1.1.x86_64
 Solution 1: deinstallation of systemd-logger-237-4.1.x86_64
 Solution 2: do not install syslog-ng-3.14.1-1.1.x86_64

**Choose from above solutions by number or cancel [1/2/c] (c): **c

TW+KDE

tsu2 · April 30, 2018, 8:14pm

another_roadrunner:

zypper in syslog-ng
Retrieving repository 'Packman Repository' metadata .........................[done]
Building repository 'Packman Repository' cache ..............................[done]
Loading repository data...
Reading installed packages...
Resolving package dependencies...

Problem: systemd-logger-237-4.1.x86_64 conflicts with namespace:otherproviders(sysl
og) provided by syslog-ng-3.14.1-1.1.x86_64
 Solution 1: deinstallation of systemd-logger-237-4.1.x86_64
 Solution 2: do not install syslog-ng-3.14.1-1.1.x86_64

**Choose from above solutions by number or cancel [1/2/c] (c): **c

TW+KDE

To me,
That looks like something that should be submitted to https://bugzilla.opensuse.org
Namespace collision errors can be missed, and should be easy for someone to fix.
If you haven’t submitted a bug before, do so and become a contributing member(and should be easy to do)!

TSU

another_roadrunner · April 30, 2018, 8:20pm

Please, don’t laugh of me.
I never submitted a bug.
I will try.
Wish me luck.

I submitted it.

hcvv · April 30, 2018, 8:33pm

It is a good idea to post a link to the bug report here. Then others can confirm, add information, etc.

another_roadrunner · April 30, 2018, 8:39pm

Sorry. I do not know how to proceed.
This is the link
https://bugzilla.opensuse.org/show_bug.cgi?id=1091478

hcvv · April 30, 2018, 8:52pm

Thanks a lot.

another_roadrunner · April 30, 2018, 9:08pm

You’re welcome.

another_roadrunner · April 30, 2018, 9:56pm

I have the answer.
Pick 1.

hcvv · April 30, 2018, 11:11pm

The problem is that without inside information you can not be sure if it is a good idea to uninstall something else.

another_roadrunner · May 1, 2018, 4:45am

It is not my idea.
The bug was closed ant this was the answer.

tsu2 · May 1, 2018, 7:18am

Option 1 might cause problems for the journal, so I wouldn’t recommend that.

TSU

another_roadrunner · May 1, 2018, 7:24am

Sorry.
This was the answer I received:
https://bugzilla.opensuse.org/show_bug.cgi?id=1091478

another_roadrunner · May 1, 2018, 8:52am

You are right (@tsu2 and @hcvv).
It seems there are another views.

knurpht · May 1, 2018, 6:11pm

Eh, did you read the article ?
FWIW running Tw here and systemd-logger is not installed at all, is it on Leap ?

another_roadrunner · May 1, 2018, 6:16pm

Sorry, what article?
I am running Tw too.
I read only last post from the bug.

another_roadrunner · May 1, 2018, 8:29pm

It seems that is an old issue.
And I find the answer.

https://forums.opensuse.org/showthread.php/502340-journalctl-and-syslog-ng-on-13-2

Thanks Wolfi.

knurpht · May 1, 2018, 9:01pm

The article https://news.opensuse.org/2018/04/30/syslog-ng-vs-systemds-journald/

another_roadrunner · May 1, 2018, 9:09pm

Yes I read it from OP, thank you.
Do you mean that is probably a Tw’s issue not a Leap one.

nrickert · May 2, 2018, 4:00pm

Just a general comment.

I am using “rsyslog” with Leap 42.3. On that conflict, I went with “pick 1”. But I only had to do that, because “rsyslog” was not on the install DVD. For Leap 15.0, it looks as if “rsyslog” is on the install DVD. If you pick it at install time, you won’t have to uninstall something else, because nothing is yet installed.

As for which? It really depends on what you want. I’ve been using Linux and other unix variants for a long time. So I am used to looking at logfiles. So having logfiles is the best choice for me. For somebody coming to linux with no prior familiarity, allowing systemd-journal to manage the log records might well be the best approach.