1

I'm using Red Hat Enterprise Application Platform 6.4.2.GA on following system:

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.1 (Maipo)
# uname -a
Linux X 3.10.0-229.7.2.el7.x86_64 #1 SMP Fri May 15 21:38:46 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux
#

A new syslog handler was added via Core -> Logging -> Handler -> Syslog Handler.

On remote host (where rsyslogd is running), I'm seeing entries such as following:

# grep -c 'JBOSS\[' /var/log/messages
379
# grep 'JBOSS\[' /var/log/messages | tail -1
Aug  5 12:02:15 7dveap01 JBOSS[2615]: X is connected 
#

Using journalctl(1), I'd like to query the systemd journal and unfortunately I'm not getting desirable (or any) results, here is command that I'm using:

# journalctl --user-unit=JBOSS
-- Logs begin at Mon 2015-07-20 10:14:13 EDT, end at Wed 2015-08-05 12:30:01 EDT. --
#

I can't figure out what I'm doing wrong(Any help is appreciate)

alexus
  • 12,342
  • 27
  • 115
  • 173
  • systemctl list | grep -i jboss, i don't know if this is the problem, but I do journalctl --unit=rsyslog -f for the rsyslog unit and exist. – c4f4t0r Aug 10 '15 at 16:01
  • @c4f4t0r i assume you meant `systemctl list-units`, since I'm using remote `rsyslog`, there is no match for `jboss`. – alexus Aug 10 '15 at 16:32
  • yes list-units, do you have an unit for JBOSS? – c4f4t0r Aug 10 '15 at 16:37
  • @c4f4t0r not on remote host, that's running remote `rsyslog`, however as I referred in my question, there are entries of `jboss` inside of what's being logged, I just need to query it properly. – alexus Aug 10 '15 at 16:38
  • What is the name of the unit? – Michael Hampton Aug 10 '15 at 16:59
  • @MichaelHampton on EAP host (and not on remote `rsyslog`, unit is jbossas.service) I'm able to query it via `journalctl --unit=jbossas.service`, but on remote `rsyslog` server I'm unable to query it same way, however I'm able to `grep JBOSS /var/log/messages` and that's gets matched. – alexus Aug 10 '15 at 17:04
  • If the logs are being sent from one machine to the other via syslog, then the journal is not involved at all, and you won't be able to use journalctl on your syslog server to view log entries that originated remotely. You would have to use [systemd's journal shipping features](http://www.freedesktop.org/software/systemd/man/systemd-journal-remote.html) instead. – Michael Hampton Aug 10 '15 at 17:06
  • @MichaelHampton where can I find `systemd-journal-remote`? I installed `systemd-journal-gatewayd`, but still cannot find `systemd-journal-remote`( – alexus Aug 11 '15 at 20:19

0 Answers0