Questions tagged [journald]
97 questions
1
vote
1 answer
Is there a way to configure journald.conf through cloud config on CoreOS?
Try to find a way to automatically set SystemMaxUse for systemd-journald.service. I knew I can set it in /etc/systemd/journald.conf manually. But it will restore to default after CoreOS updates in my experience.
Also, configuring drop-ins in…
![](../../users/profiles/359969.webp)
zeck
- 121
- 2
1
vote
1 answer
Sending docker logs to logstash
I have a number of CoreOS servers on Amazon AWS and would like to collect events or logs from them and forward them onto my ELK stack provider logz.io.
Being a little new to the ELK stack, I'm a little lost on how to best get the data out. It was…
![](../../users/profiles/14631.webp)
hookenz
- 14,132
- 22
- 86
- 142
1
vote
2 answers
Referencing journald fields when forwarding messages to syslog-ng
How can I change my syslog-ng template so that when the log originates from a systemd service / unit, the log message will include the unit's name?
Using ${PROGRAM} just shows the name of the executable that the systemd service called / that the…
![](../../users/profiles/30011.webp)
BSchlinker
- 340
- 2
- 3
- 12
1
vote
0 answers
Journald: give users access to specific unit's logs
I'm taking care of a server (Debian Jessie) that several developers use for deploying and managing their work.
Now there is a script on this server (managed by one of the developers) that does some regular maintenance stuff and therefore should run…
![](../../users/profiles/325708.webp)
sina
- 111
- 1
1
vote
0 answers
unable to query the systemd journal with journalctl
I'm using Red Hat Enterprise Application Platform 6.4.2.GA on following system:
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.1 (Maipo)
# uname -a
Linux X 3.10.0-229.7.2.el7.x86_64 #1 SMP Fri May 15 21:38:46 EDT 2015 x86_64…
![](../../users/profiles/10683.webp)
alexus
- 12,342
- 27
- 115
- 173
1
vote
1 answer
Systemd service logs twice when it stops & starts. Anyway to disable?
I have a systemd (v249) service (my-script.service) which is run every minute by another systemd timer (my-script.timer). Everything's working fine. But systemd logs (to it's journald & thence to /var/log/syslog) the following 2 lines saying that it…
![](../../users/profiles/8950.webp)
Amandasaurus
- 30,211
- 62
- 184
- 246
1
vote
1 answer
How to send a systemd ssh error so that it's picked by fail2ban
I have a setup which uses ansible and vagrant to test a custom role which installs and configures fail2ban.
I have written myself a simple test playbook which uses the fail2ban role and applies the necessary configuration as expected. My intention,…
![](../../users/profiles/55252.webp)
tftd
- 1,480
- 7
- 24
- 38
1
vote
3 answers
systemd StandardOutput to a file _and_ to the journal?
I am regularly doing a long running (~5 day) data processing programme. I'm using Ubuntu and running the command with a systemd transient task via systemd-run --unit data_import /path/to/my-script.sh. It's working well. I can look at the logging…
![](../../users/profiles/8950.webp)
Amandasaurus
- 30,211
- 62
- 184
- 246
1
vote
0 answers
stop kernel audit messages logged in syslog without disabling auditing
OS: CentOS 7
I am trying to figure out how audit (kaudit) events are logged in /var/log/messages.
I have enabled audit=1 in grub which means when the server boots, kernel auditing is enabled. This is the desired state for the particular system and…
![](../../users/profiles/287984.webp)
giomanda
- 1,644
- 4
- 20
- 30
1
vote
1 answer
How I can send all logs from journald to GCP Logging?
Don't know what to add more to question, just want to send all logs. My applications write logs to journald, there is no files on disk.
UPD.
Just to clarify, there are files where journald store logs, my application do not create any logs files.
![](../../users/profiles/323312.webp)
Raf
- 163
- 7
1
vote
0 answers
Delete old SSH session recordings
Recently I've been testing SSH Session recording in Fedora + Cockpit as a method of auditing. This has been working pretty well, but it records too much information, and more importantly, picked up a zfs send transfer, which filled the journald…
![](../../users/profiles/126695.webp)
Alex
- 369
- 5
- 22
1
vote
0 answers
Connecting to systemd service's standard output/error
I have a simple systemd service that runs for some time and then exits. It usually gets triggered by a systemd timer but sometimes I want to run it manually (well, from a script). The problem is - I need that script to output to terminal whatever my…
![](../../users/profiles/602671.webp)
Discussian
- 11
- 1
1
vote
2 answers
Best way to archive journald logs in a space-efficient way?
It has been established that journald logs are huge. On this specific system, the logs grow about 3GB per week. For audit purposes I would like to preserve system logs for a longer time than what can I comfortably store on that system; this would…
![](../../users/profiles/16081.webp)
liori
- 737
- 3
- 14
1
vote
0 answers
Journal out of order
Trying to figure out what caused one of our servers (Ubuntu 18.04) to become unresponsive, I was looking through the journal ( journalctl -r) and saw strangely out of order timestamps
Apr 17 09:20:19 myserver kernel: microcode: microcode updated…
![](../../users/profiles/570338.webp)
SmoteKerrek
- 11
- 1
1
vote
0 answers
Disable "Failed password" ssh logs
Bots are tirelessly trying to log into my server using ssh. That does not bother me, because my passwords are good, but I don't like the fact that ssh spam fills journald logs. I'd like to filter out this noise. Please note that I don't want to…
![](../../users/profiles/240179.webp)
vbezhenar
- 261
- 1
- 3
- 10