[Openvpn-devel] More specific syslog process name with systemd

Message ID 20190815072855.21232-1-fkooman@tuxed.net
State Not Applicable
Headers show
Series
  • [Openvpn-devel] More specific syslog process name with systemd
Related show

Commit Message

François Kooman Aug. 15, 2019, 7:28 a.m.
Adds the `--syslog` option to specify the unit and configuration
name when using systemd.

Signed-off-by: François Kooman <fkooman@tuxed.net>
---
 distro/systemd/openvpn-client@.service.in | 2 +-
 distro/systemd/openvpn-server@.service.in | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

David Sommerseth Aug. 15, 2019, 12:31 p.m. | #1
On 15/08/2019 09:28, François Kooman wrote:
> Adds the `--syslog` option to specify the unit and configuration
> name when using systemd.

Could you please provide a rationale to why this is needed?  How things works
now, is that the systemd-journal picks up everything; including various
additional meta-data which syslog does not support.

Now you get the log data with: `journalctl -u openvpn-{client,server}@CONFIG}`
And this also provides filtering possibilities as well, like '-b' (only log
entries since last boot) or '--since yesterday'.

If you want logged data to syslog, have a look at the journal integration
rsyslog provides - which can also include the additional meta-data:
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/s1-interaction_of_rsyslog_and_journal>
François Kooman Aug. 15, 2019, 5:23 p.m. | #2
On 15.08.19 14:31, David Sommerseth wrote:
> Could you please provide a rationale to why this is needed?  How things works
> now, is that the systemd-journal picks up everything; including various
> additional meta-data which syslog does not support.

The rationale was that when viewing the log with journalctl you only see
the syslog identifier, i.e. "openvpn" and not the full unit name.

> Now you get the log data with: `journalctl -u openvpn-{client,server}@CONFIG}`
> And this also provides filtering possibilities as well, like '-b' (only log
> entries since last boot) or '--since yesterday'.

That's much better actually, there's also the journalctl -o verbose that
shows the _SYSTEMD_UNIT.

Thanks!

Please ignore the patch!

Cheers,
François
Gert Doering Aug. 15, 2019, 5:45 p.m. | #3
Hi,

On Thu, Aug 15, 2019 at 07:23:37PM +0200, François Kooman wrote:
> Please ignore the patch!

Argueing patches away is so much easier than ACKing :-))

gert

Patch

diff --git a/distro/systemd/openvpn-client@.service.in b/distro/systemd/openvpn-client@.service.in
index cbcef653..266d9f9c 100644
--- a/distro/systemd/openvpn-client@.service.in
+++ b/distro/systemd/openvpn-client@.service.in
@@ -10,7 +10,7 @@  Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
 Type=notify
 PrivateTmp=true
 WorkingDirectory=/etc/openvpn/client
-ExecStart=@sbindir@/openvpn --suppress-timestamps --nobind --config %i.conf
+ExecStart=@sbindir@/openvpn --syslog %p@%i --suppress-timestamps --nobind --config %i.conf
 CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
 LimitNPROC=10
 DeviceAllow=/dev/null rw
diff --git a/distro/systemd/openvpn-server@.service.in b/distro/systemd/openvpn-server@.service.in
index d1cc72cb..be086b79 100644
--- a/distro/systemd/openvpn-server@.service.in
+++ b/distro/systemd/openvpn-server@.service.in
@@ -10,7 +10,7 @@  Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
 Type=notify
 PrivateTmp=true
 WorkingDirectory=/etc/openvpn/server
-ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
+ExecStart=@sbindir@/openvpn --syslog %p@%i --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
 CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
 LimitNPROC=10
 DeviceAllow=/dev/null rw