[ale] Systemd - reading log files
Solomon Peachy
pizza at shaftnet.org
Fri Sep 25 13:46:39 EDT 2015
On Fri, Sep 25, 2015 at 01:17:54PM -0400, DJ-Pfulio wrote:
> I don't have the install disk anymore. Just normal pre-systemd disks
> laying around.
>
> Now what?
You download a copy of your distro's minimal install (or rescue) image,
put it on a USB stick, boot off of that, and get on with things?
> Do we need to always have text logging enabled in addition to having
> binary logging until System Rescue is updated to support journald?
Um... when you say "System Rescue" you're referring to something in
particular? How would this not apply to any other new-ish feature (eg
some snazzy new filesystem) that your old recovery tools don't
understand?
I remember this sort of teeth-gnashing when LVM usage became more
widespread. And when ext3 was introduced. And ext4. And full-disk
encryption. And... and...and...
> The 20+ yrs of being able to use any Linux distro to view log files on a
> non-booting system are really over?
You wouldn't have been able to take a random 10-year-old distro image
and read a modern filesystem either. Heck, it might not even *boot* on
modern hardware.
Alternatively, you could also boot off your outdated "system rescue"
media, copy the journal files somewhere else, and look at them on a
different system that has the journal tools installed? (which is what
you should be doing if you're doing forensic analysis anyway)
- Solomon
--
Solomon Peachy pizza at shaftnet dot org
Delray Beach, FL ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum viditur.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 155 bytes
Desc: not available
URL: <http://mail.ale.org/pipermail/ale/attachments/20150925/9268e201/attachment.sig>
More information about the Ale
mailing list