With systemd the logging is handled by journal. This means that if we want to connect up a script, we will have to connect to journal instead of syslog-ng. To this end, systemd comes with systemd-journal-gatewayd, which allows you to write subprocess that follows system logs. You could probably use
journalctl -f in a script, but connecting through the gateway seems like a much cooler solution.
Below I'll describe how to set up systemd-journal-gatewayd on Arch Linux. I assume you have already set up the use of sudo to make sure you are not constantly running around as root. If not, you may need to drop
sudo off of every command I post.
Configure systemd-journal-gatewayd to bind to localhost only
To make sure the daemon will not accept connections from anywhere in the world, we start with making it bind to localhost only. You can later change this back if you want.
/usr/lib/systemd/system/systemd-journal-gatewayd.socket and change the line
which will make sure it only binds to localhost.
To start the daemon, you start the
.socket. Simply run
sudo systemctl start systemd-journal-gatewayd.socket to start the service. If all went well, you will see your logging with the following command:
If you get all the logging on screen, you are done!
However, you may run into the some problems like I did, and get
curl: (56) Recv failure: Connection reset by peer instead.
If you get an error, check the service with
sudo systemctl status systemd-journal-gatewayd. If the output is:
systemd-journal-gatewayd.service - Journal Gateway Service Loaded: loaded (/usr/lib/systemd/system/systemd-journal-gatewayd.service; static) Active: failed (Result: start-limit) since Sat 2013-09-07 14:42:55 CEST; 27s ago Process: 1215 ExecStart=/usr/lib/systemd/systemd-journal-gatewayd (code=exited, status=217/USER)
then you have a problem with the user configuration. By default systemd-journal-gatewayd will try to run as the systemd-journal-gateway user and group. But, as the user does not exist we get an exit code 217. The solution is to add the user:
sudo useradd --system systemd-journal-gateway
Now we give it a second try. At this point you may run into a missing shared library. I needed to install
libmicrohttpd as well.
Now as a last check, make sure the socket is really listening to only the localhost by using
ss to check for listening sockets. The output of
ss -nl should contain a line similair to
tcp LISTEN 0 128 ::1:19531 :::*
And we are done. To make sure the service starts at the next boot, run
sudo systemctl enable systemd-journal-gatewayd.socket.
If you run into other problems or have more tips, pleas consider posting a comment. Happy hacking!