Debian Configuration :: Enabling Persistent Logs With Systemd
Dec 1, 2015
How to enable persistent logging with systemd? I find it really weird that all this machinery that is systemd doesn't store persistent logs, what if I'm trying to retrieve some information regarding previous boots?
For instance: I have random suspend issues, after rebooting the computer there's no trace left in the logs of what happened, and furthermore (at least in Jessie) I can no longer see a pm-suspend log.
So, at first it sounds like all you have to do is edit journald.conf setting #Storage=auto to "persistent" and create the /var/log/journal directory, but then reading here /usr/share/doc/systemd/README.Debian
Code: Select allEnabling persistent logging in journald
=======================================
To enable persistent logging, create /var/log/journal and set up proper permissions:
There are two main reasons why I decided to not enable persistent logging just yet ....
We did get corrupt journal files in the past where the journal then no longer worked at all [1]. With volatile you can just reboot and have a clean state again. Admittedly, the journal has seen a lot of improvements in the mean time and hopefully is more robust, so this point is no longer true.
We still install rsyslog by default. That means we get store them twice. This is something we don't want to do atm.
as far as I can see, there is currently no option to delete this files from within systemd facilities, is that correct?
Should they be deleted manually, or just left alone?
Apparently I can still read all older logs regardless of such reported corruption, using the journalctl --boot -n option.
EDIT:Another thing coming to mind is that this has been happening for me not only in Jessie but in every systemd-based distro that I've tried, once permanent logging is enabled: is that some kind of systemd bug?
I'm getting BSOD when I'm booting my main system (debian 8 fully updated). I get a BSOD with a _ sign. URL...because I can't access to failed boots files. Besides having the files
Code: Select allfelipe@debian ~ % ls /var/log/journal 362d07f9e18b45f8aec4575c347f181d 92e8a448f7a348719da129184a7e6821
Code: Select allfelipe@debian ~ % journalctl --list-boots 0 0c51ae5b67f144059c5470dbe345d621 vie 2016-03-25 09:05:29 ART—vie 2016-03-25 09:11:58 ART
On macbook air 6.2, i've installed a Debian jessie mate DE, dual boot using refind. I'm currently fine-tuning it. I've made a script following powertop advice:
I upgraded my machine from Wheezy to Jessie, opted to not install systemd yet. When i try to upgrade kde-plasma-desktop, apt doesn't let me do it.
For some reason "libpam-systemd : Depends: systemd (= 215-17+deb8u1) but it is not installable"
Installing systemd-shim doesn't work. Libpam-systemd package site gives impression that you would be able to use systemd or systemd-shim.
Tried looking through changelog, but it didn't really give any hint.
At 215-6 there are just Code: Select allSwitch libpam-systemd dependencies to prefer systemd-shim over systemd-sysv, to implement the CTTE decision #746578. This is a no-op on systems which already have systemd-sysv installed, but will prevent installing that on upgrades. (Closes: #769747) Version of libpam-systemd that would be installed is "Candidate: 215-17+deb8u1"
When I first started running Jessie 8.1 I noticed that after the disk check the boot was quiet, ie. no messages to the terminal . However, something has happened and now when I boot the machine I get a verbose listing of all the processes being started. Is there a way to change it back to the way it was? In other words a quiet boot. The only thing I know of that has been 'anomalous' behavior is the other day when doing a mp4 to avi conversion, using avconv, I apparently had an over temp condition which closed my LXDE session and brought me to the login prompt. Don't know what other info one may need but feel free to ask for more, if necessary.
3 packets transmitted, 0 received, 100% packet loss, time 1999ms.Same result when using the standard Debian ntp time servers like "server 0.debian.pool.ntp.org iburst" in /etc/ntp.conf.
I have SSD drives without SCT support, because of this I want to tune /sys/block/device-name/device/timeout in order to force mdadm put these drives offline. So, I can see my drive like this:
Where can I tune /sys/block/device-name/device/timeout from 30 to 7 sec only for these drive? I don't want to use rc.local.
Can I create right udev rules for it in /etc/udev/rules.d?
I want to avoid any conflict with /lib/udev/rules.d.
Code: Select all# udevadm monitor --environment --udev monitor will print the received events for: UDEV - the event which udev sends out after rule processing
a NAS running Debian that frequently (but not always) has two removable media attached,a Debian desktop that mounts the above NAS via sshfs,the aforementioned removable media are symlinked to the directory on tha NAS that is then mounted by the desktop.
What I'd like this setup to do is to immediately time out if mounts as unavailable. Instead, I only get the expected behaviour if the NAS is down (the ssh client takes about 3 seconds to do that); if it's up, the removable media automounts (they are symlinked to the directory shared with the desktop) seem to never time out, ever. This happens locally on the NAS as well, when ssh'ing to the NAS and trying to run `ls /media/Storage` or `ls /media/Backup`, these commands never return. It's as if systemd was ignoring the x-systemd.device-timeout setting on the NAS.
I find it highly interesting that despite both removable media being detached, only one is flagged as having a dependency failed. Both paths exhibit the hang behaviour, though.
What can I do to actually time out when the media are not there?
Just migrated to stretch, and noticed we're not using acpid anymore. Had couple of scripts at /etc/acpi/events listening for some events. What would be the alternative with systemd?
I decided to update all the software on my computer. Fortunately, it upgraded kernel version 3.14 to 3.16. I was happy to learn that suspend now worked on my laptop by calling pm-suspend, but it did not worked by closing the lid. So I search and found on debian's website that installing systemd and adding some config lines in /etc/systemd/logind.conf would sove the issue. So I followed the procedure and did like instructed, to end up with a computer that boots on black screen.
The last verbrose line I see on boot up is "kvm disabled by bios" and then it shutdown down the screen. The computer works, as I can login and shutdown by doing those operation blindly.
I tried removing systemd but it still does not work. If I use the old kernel 3.14 I can boot without any problem, but if I use kernel 3.16, I boot to a black screen. I remember successfully booting in 3.16 before installing systemd.
I have a problem defining persistent device naming on a Debian Lenny server.I have:RAID1 controller on the server machine with two SCSI disks.external storage with RAID5. I have / mount on the first partition on the server SCSI disk and /storage mount on the external storage.
I'm experiencing a problem: The system recognizes the system disk (RAID 1), as sda or sdb - randomly.I want: To control the recognition, and tell the system that sda (sda1) will always be the system disk.The motivation: GRUB is configured to work with sda, and when the system disk doesn't, boot process fails, and I end up in the initramfs shell-like interface.
Booting the kernel . . . mount:mounting /dev on /root/dev failed: No such file or directory mount:mounting /sys on /root/sys failed: No such file or directory
I installed few days ago Debian Jessie (Linux server-1 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u3 (2015-08-04) x86_64 GNU/Linux) for some tests.I tried to install iptables-persistent with the command "apt-get install iptables-persistent".During the install process, I got the following message :
Some talks about cups, acpid, ipv6 or systemd but nothing has solved the issue in my case.I used iptables-persistent many times with older debian versions.
I want to customise an amnesic Debian environment (like Kali Live CD) with everything (Users, background, icons, etc.) set up to work the way I need. This OS should be inside a memory stick, and, most important, it has to have an encrypted partition I can mount and unmount whenever I want to save persistent data.
In a squeeze box, I installed awstats and it's working like a charm. Its cron job update the awstats database every 10 minutes (as it runs as root). But I would like to be able to update the statistics from the browser as well. So I setup everything as required and I gave "read" access to "others" to every apache log file. Now, a couple of questions came to my mind:
1. Am I compromising server's security giving "read" access to "others" to apache log files?
2. Instead of giving "read" access to "others", I could add www-data user to adm group (as apache log files are owned by root:adm and permissions are rw-r----). Is this more secure than giving "read" access to "others"? 3. If the option would be giving "read" access to "others" at the end, a log file would be owned by root:adm and its permissions be rw-r--r--. As apache rotates its log files, when Apache create a new log file, does it preserve the permissions (rw-r--r--) or create it with the default permissions (rw-r-----)?
So, my issues since upgrading to Jessie seem to compound. When I fix one issue, two more arise. Right now, I have a full system disk. How it got so full. So I started poking around. I ran
Code: Select all find / -type f -size +50M -exec ls -lh {} ; | awk '{ print $NF ": " $5 }'
Found a few files I could delete, and did, but I also found Code: Select all/var/log/syslog.1: 33G /var/log/messages: 33G /var/log/user.log: 33G
What I find strange is that they're all exactly 33G each. So that accounts for the missing 99GB I deleted them, however only recovered 27Gb. Whats weird is when I type df -h I get
What are the tmpfs's and how can I reclaim that space, and what is /dev/dm-0 and why is that taking up so much space?
I have 2 LVGs vgdisplay -v
Code: Select allroot@SETV-007-WOWZA:~# vgdisplay -v DEGRADED MODE. Incomplete RAID LVs will be processed. Finding all volume groups Finding volume group "WOWZASERVER"
[Code] ....
After deleting the log files, I was able to regain access to my GDM session. But I still cant find out what /dev/dm-0 is, and where all the 75 GB is being taken up.
I just noticed, however, even though I can access the drive A-OK via browser, terminal, and web services (Our wowza) when I enter gParted I get this error for sda, my primary OS drive!
Code: Select all Libparted Bug Found!
Error informing the kernel about modifications to partition /dev/sda2 -- Invalid argument. This means Linux won't know about any changes you made to /dev/sda2 until you reboot -- so you shouldn't mount it or use it in any way before rebooting
Now that I'm in gParted I see 3 partitions: [URL] ....
It reports now, that I have used ALL of my disk space.
Post Log delete, and fresh reboot, this is what Code: Select alldf -h outputs
wants some sort of logging capability on the system. to have a log of every change to every file, although that might be a bit unwieldy. perhaps a simpler compromise would be some way of monitoring a few specific folders, and tracking all changes to them, including the user that did so. Particularly important is that it should be possible to work with access through samba, as we want to track what users on the network are creating or changing files. Is there functionality like this already built into debian or samba? is there a useful additional app to gather this information? or am I going to need to be grep'ing log files to present something useable?
This issue has been a thorn in my side since -13.0 was released. I cannot get the konsole configuration to "stick". If I start konsole, then click Settings->Edit Current Profile, then change the font & font size, click "Apply", then "OK", the changes work during that session, but when I close the program, then open it back up, I am back to the default settings. If I make a root profile, the foreground & background colors will persist, but not the font settings or the initial command. This bugged me so much that I moved to mrxvt, which is working nicely, but I would like to get konsole to behave as well. NOTE: I have recently installed -current on this laptop & put on Alien Bob's KDE 4.4 packages. I cannot get konsole to work right here, either.
I leave my system in suspend mode overnight and wake it up first thing in the morning. At 9:15 it will automatically run housekeeping scripts via cron and these are completed by 9:30. Some time later I will turn on the monitor and start work. Since moving from Wheezy to Jessie the system has switched off for no apparent reason. I checked the syslog and auth.log and found it completed all it's tasks at 9:30 then started shutting down at 9:35. Relevant extracts from these logs are attached ...
My OS is Jessie 64 bit with Cinnamon on a quite standard Gigabyte desktop with dual core intel processor, 4Gb RAM and SSD drive. It uses NVidia drivers and there were no unusual entries in x.org.log.
AUTH LOG May 21 09:36:15 michael systemd-logind[685]: System is powering down. May 21 09:36:15 michael gnome-keyring-daemon[1477]: g_dbus_connection_real_closed: Remote peer vanished with error: Underlying GIOStream returned 0 bytes on an async read (g-io-error-quark, 0). Exiting. May 21 09:36:15 michael lightdm: pam_unix(lightdm:session): session closed for user michael May 21 09:36:16 michael polkitd(authority=local): Unregistered Authentication Agent for unix-session:1 (system bus name :1.39, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_AU.UTF-8) (disconnected from bus) May 21 09:36:16 michael sshd[680]: Received signal 15; terminating.
I was trying to install recent updates, but apt-get couldn't do this. Here's the output I got:
Code: Select all(Reading database ... 187979 files and directories currently installed.) Preparing to unpack .../udev_215-17+deb8u1_i386.deb ... Failed to execute operation: Connection reset by peer
Message from syslogd@debian-LAPTOP at Jun 6 14:56:49 ... kernel:[357720.299647] systemd[1]: segfault at b87cf92c ip b765e480 sp bf872e60 error 4 in systemd[b762f000+130000] Unpacking udev (215-17+deb8u1) over (215-17) ... Failed to execute operation: Activation of org.freedesktop.systemd1 timed out
[Code] ....
Now I can't continue upgrading because every time it tries to finish the previous update and fails to process udev.
I don't know if it's relevant, but while upgrading udev for the first time, my laptop switched to tty1 on its own. When I switched it back to graphic subsystem, it still was in process of upgrading udev or systemd and after all failed to finish.
When i login on localhost with pubkey-auth, i get the following in my log
Code: Select allSep 20 12:42:27 aldebaran sshd[19745]: Accepted publickey for root from 127.0.0.1 port 37520 ssh2: RSA 45:4e:27:4d:30:f5:3d:25:10:d0:92:88:53:77:1a:3b Sep 20 12:42:27 aldebaran sshd[19745]: pam_unix(sshd:session): session opened for user root by (uid=0) Sep 20 12:42:27 aldebaran systemd[19757]: pam_unix(systemd-user:session): session opened for user root by (uid=0) Sep 20 12:42:27 aldebaran systemd-logind[585]: New session 70 of user root. Sep 20 12:42:27 aldebaran systemd[19757]: Starting Paths.
During the boot-sequence of jessie there is more text flying by on the screen (including some errors or warnings) than I can read thorugh fast enough. I don't think this is very serious stuff, and if it were I could always look at dmesg and or syslog i /var/log but I would find it really convenient to log these messages in a file instead of sifting through or grep-ing dmesg.
When duckduckgoing this matter I found [URL] ....
I installed tried bootlogd but when configuring it to "yes" and rebooting nothing comes up in /var/log/boot.
Then I saw this line in above link
If you use systemd as your init system, you may need to use systemctl to debug boot problems.
I tried to set up my linux server with a specific script that can control my gameserver (mta). The thing is, I wanted to let this script be forced to start by the systemd, so I created a service called 'mtadef' (btw: same name as the user).
A computer upgraded from 7.3 to 8.2 suffered a number of stability issues which were traced to systemd having replaced sysvinit in this version. Worst of these was that instead of shutting down it just cut the power instantly, causing disk corruption. Basically, from what I can find out, this systemd component seems like it works OK on a completely fresh install but causes multiple issues if it finds its way onto an updated system. I found some instructions on reinstating sysvinit, which cured the issues.
However, on attempting to install the Brasero CD/DVD app via synaptic, I notice that this will force reinstallation of systemd as a dependency, even though it's been locked-out of updates. Luckily I spotted this in time and cancelled. You really wonder why a CD writing app would need to do this. I certainly seems rather naughty for any desktop package to be changing system startup code in a manner which could break the OS.
At the moment I'm not sure if it's the only app which does this -although k3b seemingly does not. Any thoughts on this gotcha, and how to prevent a repeat, other than being extremely careful when installing anything?