To my understanding, systemd-journald creates a couple of sockets, where it posts its logging events.

# systemctl cat systemd-journald.socket | egrep -v '^ *#'

[Unit]
Description=Journal Socket
Documentation=man:systemd-journald.service(8) man:journald.conf(5)
DefaultDependencies=no
Before=sockets.target

IgnoreOnIsolate=yes

[Socket]
ListenStream=/run/systemd/journal/stdout
ListenDatagram=/run/systemd/journal/socket
SocketMode=0666
PassCredentials=yes
PassSecurity=yes
ReceiveBuffer=8M
Service=systemd-journald.service

So how can I read these events? I tried:

# netcat -U /run/systemd/journal/stdout
# echo $?
0
# netcat -uU /run/systemd/journal/socket

netcat immediately disconnects from the stdout (exit status is clean). netcat connects to the socket, but does not register any events - I can confirm this with the command journalctl -f -n0, which does show stuff going on, while socket output is empty.

NarūnasK
  • Why do you specifically need to use the socket? Doesn't journalctl -f suffice? – Raman Sailopal Oct 25 '17 at 10:58
  • Just trying to understand what info traverses the sockets and if the syslog-ng utility shaves off anything when it reads from them. – NarūnasK Oct 25 '17 at 11:11
  • You have completely the wrong end of the stick. These are not the sockets that syslog programs read from. See https://unix.stackexchange.com/a/294206/5132 and https://unix.stackexchange.com/questions/362681/ for starters. This question has a quite erroneous premise, so is not really answerable. – JdeBP Oct 25 '17 at 13:30
  • @JdeBP Can you elaborate more? In your own post you state '/run/systemd/journal/syslog' it writes journal data there. I just tried netcat -uU /run/systemd/journal/syslog which yielded no results either. FYI I have Alias=syslog.service in my syslog-ng.service which to my understanding activates /run/systemd/journal/syslog. – NarūnasK Oct 25 '17 at 14:58

1 Answer

In this case you may use systemd-journal-remote:

systemd-journal-remote is a command to receive serialized journal events and store them to journal files. Input streams are in the Journal Export Format, i.e. like the output from journalctl --output=export. For transport over the network, this serialized stream is usually carried over an HTTPS connection.

Stephen Kitt
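As an added example (not part of the answer above and not systemd's own code), here is a minimal Python parser for the Journal Export Format stream that journalctl --output=export emits and systemd-journal-remote consumes. The sample entries are constructed for illustration; field values are kept as raw bytes and collected in lists because a field may repeat within one entry.

```python
import struct

def parse_journal_export(data: bytes):
    """Parse a Journal Export Format byte stream into a list of entries.

    Each entry is a dict mapping field name -> list of bytes values.
    """
    entries, entry, pos = [], {}, 0
    while pos < len(data):
        nl = data.find(b"\n", pos)
        if nl == -1:
            raise ValueError("truncated stream: field line has no newline")
        line = data[pos:nl]
        if not line:                       # blank line terminates an entry
            if entry:
                entries.append(entry)
                entry = {}
            pos = nl + 1
            continue
        name, sep, value = line.partition(b"=")
        if sep:                            # text field: NAME=value\n
            pos = nl + 1
        else:                              # binary field: NAME\n, u64 LE size, data, \n
            start = nl + 1
            if start + 8 > len(data):
                raise ValueError("truncated binary field length")
            (size,) = struct.unpack_from("<Q", data, start)
            end = start + 8 + size
            if data[end:end + 1] != b"\n":
                raise ValueError("binary field size does not match stream")
            value = data[start + 8:end]
            pos = end + 1
        entry.setdefault(name.decode("ascii"), []).append(value)
    if entry:                              # stream ended without a blank line
        entries.append(entry)
    return entries

# Constructed sample: one plain-text entry and one entry whose MESSAGE
# contains a newline and is therefore serialized as a binary field.
SAMPLE = (
    b"__CURSOR=s=constructed;i=1\n"
    b"_TRANSPORT=stdout\n"
    b"MESSAGE=service started\n"
    b"\n"
    b"__CURSOR=s=constructed;i=2\n"
    b"_TRANSPORT=journal\n"
    b"MESSAGE\n" + struct.pack("<Q", 11) + b"line1\nline2" + b"\n"
    b"\n"
)

if __name__ == "__main__":
    for e in parse_journal_export(SAMPLE):
        print(e["_TRANSPORT"][0].decode(), e["MESSAGE"][0])
```
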