Bug 2168363 - syslog messages do not get categorized under a systemd unit
Summary: syslog messages do not get categorized under a systemd unit
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: systemd
Version: 8.8
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: systemd maint
QA Contact: Frantisek Sumsal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-02-08 19:53 UTC by Dalibor Pospíšil
Modified: 2023-08-14 11:27 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-148040 0 None None None 2023-02-08 19:54:32 UTC

Description Dalibor Pospíšil 2023-02-08 19:53:57 UTC
Description of problem:


Version-Release number of selected component (if applicable):
systemd-239-71.el8
usbguard-1.0.0-13.el8

How reproducible:
100%

Steps to Reproduce:
1. systemctl stop usbguard
2. since=$(date +"%F %T")
3. sleep 1
4. echo "SomeNonexistentDirective=12345" >> /etc/usbguard/usbguard-daemon.conf
5. systemctl reset-failed usbguard
6. systemctl restart usbguard
7. sleep 2
8. journalctl --flush
9. sleep 1
10. journalctl -u usbguard -l --since '$since' --no-pager 

Actual results:
no messages coming from the usbguard-daemon

Expected results:
messages like
Feb 08 20:45:54 sopos-rhel9-brq usbguard-daemon[119481]: Error: parsed key is not in key set: 'SomeNonexistentDirective'
Feb 08 20:45:53 sopos-rhel9-brq usbguard-daemon[119445]: KeyValueParser: Parser: Invalid key

Additional info:
RHEL-9 works as expected

These are the missing properties of the journal messages on rhel8 in comparison to rhel9:
_RUNTIME_SCOPE
_SYSTEMD_SLICE
_EXE
_CMDLINE
_SYSTEMD_CGROUP
_SYSTEMD_UNIT
SYSLOG_TIMESTAMP
_SYSTEMD_INVOCATION_ID

Comment 1 David Tardon 2023-02-09 16:05:28 UTC
(In reply to Dalibor Pospíšil from comment #0)
> Steps to Reproduce:
> 1. systemctl stop usbguard
> 2. since=$(date +"%F %T")
> 3. sleep 1
> 4. echo "SomeNonexistentDirective=12345" >>
> /etc/usbguard/usbguard-daemon.conf
> 5. systemctl reset-failed usbguard

This is not needed. `systemctl start` (or restart) doesn't care about the initial state.

> 6. systemctl restart usbguard
> 7. sleep 2
> 8. journalctl --flush

This does something else than you think.

> 9. sleep 1
> 10. journalctl -u usbguard -l --since '$since' --no-pager 
> 
> Actual results:
> no messages coming from the usbguard-daemon

This looks like a known race: the daemon had exited too quickly, before journald has had a chance to determine its cgroup. It only happens with legacy/hybrid cgroup hierarchy, though; it works fine with unified hierarchy (which is used by default on RHEL-9, hence the problem doesn't manifest there either)...

Comment 2 Dalibor Pospíšil 2023-02-14 21:41:28 UTC
So what would be the recommendation to make it work correctly on RHEL-8?


Note You need to log in before you can comment on or make changes to this bug.