[ale] Systemd - reading log files
DJ-Pfulio
DJPfulio at jdpfu.com
Fri Sep 25 14:40:55 EDT 2015
"System Rescue" is an extremely well-known distro to handled issues like
this. http://distrowatch.com/table.php?distribution=systemrescue
It has been around and widely used over a decade.
A scenario:
Grandma has been running Ubuntu desktop since 10.04 and I've helped
update her to 12.04, 14.04 and 16.04 ... over the network. No media.
One day, Ubuntu desktop doesn't boot. She has media from 10.04, but
nothing newer. I have to drive 8 hrs, bring a new distro, to look at
the log files?
Another scenario:
It isn't grandma - but close - my small manufacturing company has a
single file server at each location - they have 150 locations
world-wide. The server is patched, maintained, and backed up remotely.
ext3 is the file system - ain't broke, so why change? No other computers
at the site. There is a power outage longer than the UPS can handle, so
the server shuts down and won't boot. Most of the managers have
dutifully saved the CDROM disc they were told was absolutely critical -
they've never needed it before. It won't help anymore.
Basically, all the prior "save-your-butt" techniques need to be
revisited thanks to binary log files. Any local training for non-admins
will need to be revisited too.
I want to be prepared before the phone calls begin. That's all.
We have a box that won't boot and it needs to ASAP - we are losing money
or grandma is pissed - not sure which is worse. Support is 8+ hrs away.
Not everyone has 500 servers in 3 data centers with 24/7 support people
onsite.
This is just a question. As we move to journald, there are a few other
items that also need to change. Are there others that may not be expected?
On 09/25/2015 01:46 PM, Solomon Peachy wrote:
> On Fri, Sep 25, 2015 at 01:17:54PM -0400, DJ-Pfulio wrote:
>> I don't have the install disk anymore. Just normal pre-systemd disks
>> laying around.
>>
>> Now what?
>
> You download a copy of your distro's minimal install (or rescue) image,
> put it on a USB stick, boot off of that, and get on with things?
>
>> Do we need to always have text logging enabled in addition to having
>> binary logging until System Rescue is updated to support journald?
>
> Um... when you say "System Rescue" you're referring to something in
> particular? How would this not apply to any other new-ish feature (eg
> some snazzy new filesystem) that your old recovery tools don't
> understand?
>
> I remember this sort of teeth-gnashing when LVM usage became more
> widespread. And when ext3 was introduced. And ext4. And full-disk
> encryption. And... and...and...
>
>> The 20+ yrs of being able to use any Linux distro to view log files on a
>> non-booting system are really over?
>
> You wouldn't have been able to take a random 10-year-old distro image
> and read a modern filesystem either. Heck, it might not even *boot* on
> modern hardware.
>
> Alternatively, you could also boot off your outdated "system rescue"
> media, copy the journal files somewhere else, and look at them on a
> different system that has the journal tools installed? (which is what
> you should be doing if you're doing forensic analysis anyway)
>
> - Solomon
>
More information about the Ale
mailing list