
[ale] Systemd - reading log files

I didn't see the distro in question. For now RHEL7 writes to both /var/log and journalctl. The /var/log stuff survives a reboot. The journalctl doesn't unless you've specifically configured it to do so.

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of DJ-Pfulio
Sent: Friday, September 25, 2015 2:41 PM
To: ale at ale.org
Subject: Re: [ale] Systemd - reading log files

"System Rescue" is an extremely well-known distro to handle issues like this. http://distrowatch.com/table.php?distribution=systemrescue
It has been around and widely used for over a decade.

A scenario:

Grandma has been running Ubuntu desktop since 10.04 and I've helped update her to 12.04, 14.04 and 16.04 ... over the network. No media.

One day, Ubuntu desktop doesn't boot. She has media from 10.04, but nothing newer.  I have to drive 8 hrs, bring a new distro, to look at the log files?

Another scenario:
It isn't grandma - but close - my small manufacturing company has a single file server at each location - they have 150 locations world-wide. The server is patched, maintained, and backed up remotely.
ext3 is the file system - ain't broke, so why change? No other computers at the site. There is a power outage longer than the UPS can handle, so the server shuts down and won't boot.  Most of the managers have dutifully saved the CDROM disc they were told was absolutely critical - they've never needed it before. It won't help anymore.

Basically, all the prior "save-your-butt" techniques need to be revisited thanks to binary log files. Any local training for non-admins will need to be revisited too.

I want to be prepared before the phone calls begin. That's all.

We have a box that won't boot and it needs to ASAP - we are losing money or grandma is pissed - not sure which is worse. Support is 8+ hrs away.
Not everyone has 500 servers in 3 data centers with 24/7 support people onsite.

This is just a question. As we move to journald, there are a few other items that also need to change. Are there others that may not be expected?

On 09/25/2015 01:46 PM, Solomon Peachy wrote:
> On Fri, Sep 25, 2015 at 01:17:54PM -0400, DJ-Pfulio wrote:
>> I don't have the install disk anymore. Just normal pre-systemd disks 
>> laying around.
>> Now what?
> You download a copy of your distro's minimal install (or rescue) 
> image, put it on a USB stick, boot off of that, and get on with things?
>> Do we need to always have text logging enabled in addition to having 
>> binary logging until System Rescue is updated to support journald?
> Um... when you say "System Rescue" you're referring to something in 
> particular?   How would this not apply to any other new-ish feature (eg 
> some snazzy new filesystem) that your old recovery tools don't 
> understand?
> I remember this sort of teeth-gnashing when LVM usage became more 
> widespread.  And when ext3 was introduced.  And ext4.  And full-disk 
> encryption.  And... and...and...
>> The 20+ yrs of being able to use any Linux distro to view log files 
>> on a non-booting system are really over?
> You wouldn't have been able to take a random 10-year-old distro image 
> and read a modern filesystem either.  Heck, it might not even *boot* 
> on modern hardware.
> Alternatively, you could also boot off your outdated "system rescue" 
> media, copy the journal files somewhere else, and look at them on a 
> different system that has the journal tools installed?  (which is what 
> you should be doing if you're doing forensic analysis anyway)
>  - Solomon
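The copy-then-read approach suggested in the quoted reply, combined with the persistence caveat from the top of this message, as an added example that is not part of the thread. The function names `collect_journals` and `verify_journals` and the mount and evidence paths are assumptions; `/var/log/journal` is journald's on-disk location when persistent storage is enabled.

```bash
#!/bin/sh
# Added example (not from the thread): pull a dead system's journal off a
# read-only mount with any rescue media, then read it on another machine.
# collect_journals / verify_journals are hypothetical helper names.

# collect_journals SRC_ROOT DEST
#   SRC_ROOT  mount point of the broken system's root filesystem
#   DEST      evidence directory on separate media
# Returns 2 if the system never kept a persistent journal (journald logs
# only to /run unless /var/log/journal exists or Storage=persistent is set),
# 3 if the directory exists but holds no journal files.
collect_journals() {
    cj_src=$1
    cj_dest=$2
    cj_jdir="$cj_src/var/log/journal"
    if [ ! -d "$cj_jdir" ]; then
        echo "no persistent journal under $cj_jdir" >&2
        return 2
    fi
    mkdir -p "$cj_dest/journal" || return 1
    cj_dest=$(cd "$cj_dest" && pwd) || return 1
    # Preserve timestamps and the <machine-id>/ layout journalctl expects.
    cp -a "$cj_jdir/." "$cj_dest/journal/" || return 1
    # Hash every journal file, including *.journal~ files that journald
    # set aside after an unclean shutdown, so later analysis can prove
    # the copies were not altered.
    ( cd "$cj_dest/journal" &&
      find . -type f -name '*.journal*' -exec sha256sum {} + > ../SHA256SUMS
    ) || return 1
    [ -s "$cj_dest/SHA256SUMS" ] || return 3
}

# verify_journals DEST: re-check the copies against the manifest.
verify_journals() {
    ( cd "$1/journal" && sha256sum -c ../SHA256SUMS >/dev/null )
}

# On the rescue system (paths are placeholders):
#   mount -o ro /dev/sdXN /mnt/dead
#   collect_journals /mnt/dead /media/usb/case01
# On a machine that has the journal tools installed:
#   verify_journals /media/usb/case01
#   journalctl -D /media/usb/case01/journal --list-boots
#   journalctl -D /media/usb/case01/journal -p err
```
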