| |||||||||||||
syslog vs other solutionssyslog vs other solutionsPosted Nov 8, 2012 15:30 UTC (Thu) by dps (subscriber, #5725)Parent article: LCE: Systemd two years on
The old style syslog does have lots of problems but most of the replacements are worse. You can read syslog output without special tools and it is reasonably easier for programs to parse (modulo the parsability of the logged messages).
I would also note than a lot of things found to large network, for example lights out management and SAN boxes support syslog but none of the other solutions. This makes syslog support an important feature.
It also reasonably easy to set up a drop safe non-networked logging host for cracker proof logs. If the journal, or anything else, loses this or the ability to process the logs without special tools then it is a step backwards.
Knowing that your logs have been edited is not enough: as a system admin I want to know what was edited out and a drop safe logging host provides me with that. Anything that does not support such a box is inferior.
(Log in to post comments)
syslog vs other solutions Posted Nov 8, 2012 15:32 UTC (Thu) by ovitters (subscriber, #27950) [Link]
You can still run syslog.
syslog vs other solutions Posted Nov 8, 2012 16:37 UTC (Thu) by mirabilos (subscriber, #84359) [Link]
For how long?
The Arch Linux people said you can still use init scripts… now Arch Linux is dead.
And I will GR against a switch to systemd in Debian, should that become necessary.
syslog vs other solutions Posted Nov 8, 2012 19:24 UTC (Thu) by smoogen (subscriber, #97) [Link]
As long as people are willing to take the time and energy to update various parts. When they no longer want to do that and no one steps up to replace them.. the feature is dead.
syslog vs other solutions Posted Nov 9, 2012 0:08 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]
Syslog compat code in Journal is trivial - it just forwards messages to a specific socket:
http://cgit.freedesktop.org/systemd/systemd/tree/src/jour...
There's nothing complicated there, so it can be easily maintained indefinitely.
>now Arch Linux is dead.
syslog vs other solutions Posted Nov 8, 2012 19:25 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]
just like you can still use udev without systemd?
syslog vs other solutions Posted Nov 15, 2012 13:09 UTC (Thu) by Wol (guest, #4433) [Link]
Has that changed?
aiui you could compile udev separate from systemd. And I'm on gentoo. Not that I notice these things but my init system is OpenRC (I think - it's the default, whatever) and I'm running udev - udev 171-r8 to be precise.
iirc they may be the same code base, but they are two separate builds - the code bases merged because so much was duplicated.
Cheers,
syslog vs other solutions Posted Nov 15, 2012 17:16 UTC (Thu) by nix (subscriber, #2304) [Link]
udev 171 predates the udev/systemd merge.
syslog vs other solutions Posted Nov 15, 2012 19:32 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]
The systemd/udev maintainers have recently announced that compiling udev without systemd is no longer supported
syslog vs other solutions Posted Nov 15, 2012 23:52 UTC (Thu) by BlueLightning (subscriber, #38978) [Link]
Really? Can you point to this announcement? It was only in April that Lennart had this to say on the matter:
syslog vs other solutions Posted Nov 17, 2012 17:14 UTC (Sat) by engla (guest, #47454) [Link]
I think you need to build both udev and systemd, but you can install just the udev products.
syslog vs other solutions Posted Nov 17, 2012 18:47 UTC (Sat) by jrn (subscriber, #64214) [Link]
> The systemd/udev maintainers have recently announced that compiling udev without systemd is no longer supported
That is frightening. Regardless of what you think of systemd, the udev maintainers have just said loudly and clearly "We don't care about you" to a substantial existing population of users.
syslog vs other solutions Posted Nov 17, 2012 19:38 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]
I've checked the recent posts in udev's mail list and I can't find what dlang is talking about.
syslog vs other solutions Posted Nov 17, 2012 23:18 UTC (Sat) by jimparis (subscriber, #38647) [Link]
From http://permalink.gmane.org/gmane.linux.hotplug.devel/17444 (May 2012)
"We support stand-alone *operation* of the udev tools, but the build
syslog vs other solutions Posted Nov 18, 2012 0:13 UTC (Sun) by dlang (✭ supporter ✭, #313) [Link]
it's not recent news.
The recent news is that some Gentoo developers have (sortof) announced that they are planning to fork udev as a result of how it's being managed since being merged into systemd
syslog vs other solutions Posted Nov 9, 2012 12:27 UTC (Fri) by zuki (subscriber, #41808) [Link]
> The old style syslog does have lots of problems but most of the
> replacements are worse. You can read syslog output without special tools > and it is reasonably easier for programs to parse (modulo the > parsability of the logged messages). It is true, that a special tool is needed to parse journal files, but (a) it's always possible to pipe the output and then perform further analysis. Actually, this isn't that much different from current .gz/.xz compressed text files. (a) there's a nice C interface which is easy to use, so tools for parsing log messages can certainly be taught to read journal files themselves without too much work. (b) the format is documented [1], so it's possible to create other parsers
[1] http://www.freedesktop.org/wiki/Software/systemd/journal-...
> I would also note than a lot of things found to large network, for
> It also reasonably easy to set up a drop safe non-networked logging host > for cracker proof logs. If the journal, or anything else, loses this or > the ability to process the logs without special tools then it is a step > backwards.
> Knowing that your logs have been edited is not enough: as a system admin
|
|||||||||||||