`journalctl -f -m` does not interleave remote and local

Question

I currently have a 2-server setup (3 servers in total, one still to be configured for this) with one server using systemd-journal-remote (.socket & .service) to collect all log entries from the other machine, which uploads with systemd-journal-upload.

I have installed version 239 via stretch-backports on the receiving debian server, simply to make journalctl -m work, and pick up /var/log/journal/remote

This setup is for redundancy and simplicity of logging, and to have a overview of all events on all servers, but systemctl -f -m does not pick up all logging origins (local and remote), can this be fixed, or is it via design?

Edit:

Upon inspection with a rather non-reoccurring service (cron), i finally got entries for both machines, but here I think i find the problem;

    {
        ...
        "__REALTIME_TIMESTAMP": "1539710221237971",
        "__MONOTONIC_TIMESTAMP": "5621984625",
        "_BOOT_ID": "afb0d4143851464184f340c4ace9XXXX",
        "_MACHINE_ID": "59b666a7337442898dc7cc671c0eXXXX",
        "_HOSTNAME": "SERVER_RECEIVE",
        ...
    },
    {
        ...
        "__REALTIME_TIMESTAMP": "1539706141105212",
        "__MONOTONIC_TIMESTAMP": "6030701064304",
        "_BOOT_ID": "afb0d4143851464184f340c4ace9XXXX",
        "_MACHINE_ID": "35ade424e59d4ef18a9986a090f6XXXX",
        "_HOSTNAME": "SERVER_SEND",
        ...
    },

journalctl seems to sort on __MONOTONIC_TIMESTAMP, is there a reason as to why the remote capturing service seems to iterate on a lower count than the actual journalctl count?

score 1 · Accepted Answer · answered Oct 16 '18 at 18:33

1

journalctl correctly interleaves the machine entries after a reboot, but with flags -mf, it only shows a live feed of all remote machines, it does not interleave local and remote.

This is a bug, and I have started an issue here.

answered Oct 16 '18 at 18:33

Shadowjonathan

463
4
7

`journalctl -f -m` does not interleave remote and local

1 Answers1