Journal of chromas (34)

Wednesday April 01, 20
09:55 AM
Code

With all the politics and CoronAIDS news lately, I think we're losing sight of what's really important—binary log files.

When systemd boots up journald, it passes in a few domain sockets (in /run/systemd/journal/) for reading:

  • socket (datagram) The main socket where everything that uses systemd's API comes in. Formatted as key-value pairs ("MESSAGE=Staring Windows"), one per line. One message per datagram.
  • stdout (stream) All std[out|err] output from daemons comes in here. For each process that starts up, you get a new connection that starts with a header of unlabeled values, one per line.
  • dev-log (datagram) Messages from processes using syslog(). One message per datagram.

It also reads /dev/kmsg for kernel messages.

If you want, you can point your classic syslog daemon to the systemd journals and configure journald to store nothing to disk. But where's the fun in that?

While I was sick a couple weeks ago (cougha cougha), I whipped up this little April Fools' shitpost. My journald replacement outputs all its logs to XML. You might think the ideal language for this would be Java, but I was already sick, so I used D, which is also appropriate.

Files are output to /var/log/journal-[datestamp].xml and the latest is symlinked to journal-current.xml. If it dies, you'll get a nice little exception dump in /var/log/journal.exception.

Most of the time—sort of an embarrassing amount, really—was spent trying to figure out how to receive the sockets through IPC. Turns out they're already there, starting at descriptor 3. Thanks, systemd!

First, we need to notify systemd we're up with a datagram to /run/systemd/notify ("READY=1\nSTATUS=Whatever."). Next, we identify the order of the sockets, then set up a loop to select() and recv() them. Every couple minutes, hit up the notify socket with "WATCHDOG=1" to let it know you're still there. Watchdog is an option set in systemd-journald.service.
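The startup steps above, as an added Python sketch (not the D source this post refers to). It identifies each inherited socket by its bound path and type instead of trusting the order, and sends the notify datagrams. `LISTEN_PID`, `LISTEN_FDS` and `NOTIFY_SOCKET` are systemd's environment variables rather than names from the post, and the function names are made up for this example.

```python
import os
import socket

SD_LISTEN_FDS_START = 3  # first inherited descriptor, as the post found
# Expected socket types, taken from the list in the post.
EXPECTED = {"socket": socket.SOCK_DGRAM, "stdout": socket.SOCK_STREAM,
            "dev-log": socket.SOCK_DGRAM}

def inherited_fds(environ=os.environ):
    """Descriptors passed by systemd; honours LISTEN_PID and LISTEN_FDS."""
    if environ.get("LISTEN_PID") != str(os.getpid()):
        return []  # the variables were set for a different process
    count = int(environ.get("LISTEN_FDS", "0"))
    return list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + count))

def classify(fd):
    """Return (basename of bound path, socket type), or None if unusable."""
    try:
        sock = socket.socket(fileno=fd)  # family and type are auto-detected
    except OSError:
        return None  # not a socket at all
    try:
        if sock.family != socket.AF_UNIX:
            return None  # e.g. a netlink socket
        return os.path.basename(os.fsdecode(sock.getsockname())), sock.type
    finally:
        sock.detach()  # release the wrapper without closing the inherited fd

def map_journal_sockets(fds):
    """Map role name -> fd by bound path and type; the rest go to `unknown`."""
    roles, unknown = {}, []
    for fd in fds:
        info = classify(fd)
        if info and EXPECTED.get(info[0]) == info[1] and info[0] not in roles:
            roles[info[0]] = fd
        else:
            unknown.append(fd)
    return roles, unknown

def sd_notify(state, environ=os.environ):
    """Send e.g. "READY=1" or "WATCHDOG=1" to the socket in NOTIFY_SOCKET."""
    addr = os.fsencode(environ.get("NOTIFY_SOCKET", ""))
    if not addr:
        return False  # not running under systemd supervision
    if addr.startswith(b"@"):
        addr = b"\0" + addr[1:]  # "@" prefix marks an abstract-namespace socket
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.sendto(state.encode(), addr)
    return True
```

Descriptors that land in `unknown` (wrong type, unexpected path, or not an AF_UNIX socket) are left open and untouched, so the caller decides whether to ignore them or refuse to start.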

Just take this source and run it through your favorite D compiler (dmd xmljournal) and drop the binary into /usr/lib/systemd/systemd-journald (be sure to back up the real one first, of course) and boot up.

Of course, you can output to whatever format you want, but doesn't XML just say "enterprise"?

Example output (/var/log/journal-20200401T092912.3944091Z.xml).

[Update: forgot this part]

If you run this, you'll get a start failure for Flush Journal because there's no code for reading /run/systemd/journal/io.systemd.journal. Also, there's no journalctl support. Just use grep and friends. That's what we all wanted, right?

For proper XML (or any other format) support, the correct thing to do instead of replacing journald is to edit journal-file.c in the systemd source because that's where the file I/O is done. The bonus is any tool using libsystemd to deal with the journal automatically supports your new format—after recompiling, of course.