The Journal - a proposed syslog replacement

One of the big problems with implementing a binary base log file system is as mentioned already, only one tool can read it correctly. And you loose the security if someone finds out how the data is stored. It's the exact same thing "Problem" as a text based log file. The other problem is a lot has to change in order for programs to work with the new system, i'e dmesg needs to be changed, boot loaders (including GRUB) have to add tools to allow people to read logs in case something goes wrong with the system and it can't boot.

Also I can not see how you can use the same methods as before to clean the logs, and to backup these logs. For example what happened if you wanted to view that log file in Windows, how would you do this. From a tool point of view you need the correct security tokens (which can be easily bypassed), etc.

You also have to remember routers use the syslogd protocol to send messages to a unix systems in case of DDOS, DOS and port scans etc. How will this be handled?

I don't like the move, it defeats the whole point of UNIX. Every thing in UNIX is a text file. Anyone can add to it and anyone can remove lines from it. It is up to the kernel and the logging program to control who can do what. The point about the syslog files being text only is mute as normally only root can write to the file and a binary file has the same "problem".

Why not use XML or something like that so that tools can still read and parse it, the log files can still be read even if the system can not boot. and provide a tool that can control access to the log file.

Lets not follow some stupid Windows way of doing it when we have a tried and test way we have used for years.

On a side note, should we even be looking at the security of the log file when only root can change it and if the hacker has root access. they can do a lot more dangerous things then change a log file.