I am trying to figure out the relation of the two,
/run/systemd/journal/dev-log
/run/systemd/journal/syslog
which I could not find enough clear documentation. In certain sense, are they basically the same? Because when I include either one in "unix-dgram()" of syslog-ng, I pretty much get the same output. Is there any difference? Anyway, what is the relation between the two?
Thanks for the clarification.
Best Answer
It's easy when you know how :)
ok, I lied about it being so easy. I don't have a syslog daemon, and that means I don't have syslog.socket activated. But that's where I found the docs:
https://www.freedesktop.org/wiki/Software/systemd/syslog/ says:
Hence the answer to your question is that you're not supposed to use either of these paths with
unix-dgram()
. You really need specific systemd support if you want to run as a syslog daemon under it.For an individual configuration, it sounds like you might get away with binding to
/run/systemd/journal/syslog
. This is definitely the least evil option, because a) it avoids fighting with journald over who owns/dev/log
, b) journald will write messages to it from STDOUT/STDERR of services, which are never written to/dev/log
. Given that it appears to work, I can't see any explicit disadvantages listed in the docs. The obvious disadvantage is "we do no longer recommend people to order their units aftersyslog.target
... early boot messages are lost entirely to your implementation." There's also a warning that "many services will not be able to log to your syslog implementation", but I think that's incorrect / would only apply if you listened on/dev/log
.