One last thing: you're already told who logged the message, as the first part of the message that gets logged is the process that logged it and the process's ID.
Posted Nov 23, 2011 10:09 UTC (Wed) by mpr22 (subscriber, #60784)
A quick look at /var/log/syslog on my desktop Ubuntu box suggests that this turns out to only partly be the case. There are several programs (at a minimum: acpid, NetworkManager, modem-manager, dhcpd), which do not have a PID in their syslog messages.
The Journal - a proposed syslog replacement
Posted Nov 23, 2011 21:40 UTC (Wed) by ziggyfish (guest, #81547)
Not by default, however it is still possible to add this information into the log.
The Journal - a proposed syslog replacement
Posted Nov 23, 2011 23:31 UTC (Wed) by dlang (✭ supporter ✭, #313)
That program name and pid is data provided as part of the log written by the application, so the application can lie about both.
However, fixing this doesn't require making changes that are nearly this drastic.
systemd is already planning to create a new container for each application (with cgroups, etc), have it create a new filesystem namespace as well with a different /dev/log and the existing modern syslog daemons (rsyslog and syslog-ng) can record which container the log came from.
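
The point made in this sub-thread, that the `tag[pid]:` prefix is whatever the sender wrote (and may carry no PID at all), as an added example that is not part of the thread or of any syslog daemon's code. It shows a receiver comparing the claimed PID with the sender PID the kernel reports through the Linux-only `SO_PASSCRED` socket option, a mechanism the thread itself does not mention. The sample lines are constructed and omit the priority and timestamp fields; `receive_with_credentials`, `classify` and `demo` are hypothetical names.

```python
import os
import re
import socket
import struct

UCRED = "3i"  # struct ucred on Linux: pid, uid, gid
# Sender-written "tag[pid]:" prefix; the "[pid]" part is optional.
TAG_RE = re.compile(rb"^(?P<tag>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:")

def receive_with_credentials(rx):
    """Read one datagram; return (claimed_tag, claimed_pid, kernel_pid)."""
    size = struct.calcsize(UCRED)
    data, ancdata, _flags, _addr = rx.recvmsg(4096, socket.CMSG_SPACE(size))
    kernel_pid = None
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            kernel_pid, _uid, _gid = struct.unpack(UCRED, cdata[:size])
    m = TAG_RE.match(data)
    tag = m.group("tag").decode() if m else None
    pid = int(m.group("pid")) if m and m.group("pid") else None
    return tag, pid, kernel_pid

def classify(claimed_pid, kernel_pid):
    """Compare what the message says with what the kernel says."""
    if claimed_pid is None:
        return "no-pid"
    return "match" if claimed_pid == kernel_pid else "mismatch"

def demo():
    # A socketpair stands in for /dev/log so the example runs offline.
    rx, tx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    rx.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    me = os.getpid()
    samples = [  # constructed messages, all sent by this one process
        b"acpid: client connected",                     # no PID in the tag
        f"myapp[{me}]: started".encode(),               # truthful PID
        f"sshd[{me + 1}]: constructed line".encode(),   # PID the sender does not own
    ]
    results = []
    for line in samples:
        tx.send(line)
        tag, claimed, kernel = receive_with_credentials(rx)
        results.append((tag, classify(claimed, kernel)))
    rx.close()
    tx.close()
    return results

if __name__ == "__main__":
    for tag, verdict in demo():
        print(f"{tag}: {verdict}")
```

The program name has no kernel-supplied counterpart in this check, so the tag stays a claim even when the PID matches.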