Trying out systemd-journal-gatewayd

posted on 2013-09-07

With systemd the logging is handled by journal. This means that if we want to connect up a script, we will have to connect to journal instead of syslog-ng. To this end, systemd comes with systemd-journal-gatewayd, which allows you to write subprocess that follows system logs. You could probably use journalctl -f in a script, but connecting through the gateway seems like a much cooler solution.

Below I'll describe how to set up systemd-journal-gatewayd on Arch Linux. I assume you have already set up the use of sudo to make sure you are not constantly running around as root. If not, you may need to drop sudo off of every command I post.

Configure systemd-journal-gatewayd to bind to localhost only

To make sure the daemon will not accept connections from anywhere in the world, we start with making it bind to localhost only. You can later change this back if you want.

Open /usr/lib/systemd/system/systemd-journal-gatewayd.socket and change the line




which will make sure it only binds to localhost.

Start systemd-journal-gatewayd

To start the daemon, you start the .socket. Simply run sudo systemctl start systemd-journal-gatewayd.socket to start the service. If all went well, you will see your logging with the following command:

curl 'http://localhost:19531/entries?boot'

If you get all the logging on screen, you are done!

However, you may run into the some problems like I did, and get curl: (56) Recv failure: Connection reset by peer instead.

If you get an error, check the service with sudo systemctl status systemd-journal-gatewayd. If the output is:

systemd-journal-gatewayd.service - Journal Gateway Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-journal-gatewayd.service; static)
   Active: failed (Result: start-limit) since Sat 2013-09-07 14:42:55 CEST; 27s ago
  Process: 1215 ExecStart=/usr/lib/systemd/systemd-journal-gatewayd (code=exited, status=217/USER)

then you have a problem with the user configuration. By default systemd-journal-gatewayd will try to run as the systemd-journal-gateway user and group. But, as the user does not exist we get an exit code 217. The solution is to add the user:

sudo useradd --system systemd-journal-gateway

Now we give it a second try. At this point you may run into a missing shared library. I needed to install libmicrohttpd as well.

Now as a last check, make sure the socket is really listening to only the localhost by using ss to check for listening sockets. The output of ss -nl should contain a line similair to

tcp  LISTEN  0  128    ::1:19531   :::*

And we are done. To make sure the service starts at the next boot, run sudo systemctl enable systemd-journal-gatewayd.socket.

If you run into other problems or have more tips, pleas consider posting a comment. Happy hacking!