
That newfangled Journal thing

That newfangled Journal thing

Posted Nov 24, 2011 5:58 UTC (Thu) by russell (guest, #10458)
Parent article: That newfangled Journal thing

If it's lasted 40 years, it must be doing a lot of things right. Whoever had the vision to build it should be proud of inventing a system that lasted that long.


That newfangled Journal thing

Posted Nov 24, 2011 8:57 UTC (Thu) by anselm (subscriber, #2796) [Link] (3 responses)

The syslog protocol is similar to, say, SMTP. It was invented a long time ago when issues like security and extensibility weren't as important as they are today. It is very simple, something somebody might write down on a paper napkin. It does a reasonable approximation of what it was supposed to do. There is widespread consensus that it sucks in important respects, but it is so entrenched that it is essentially impossible to replace with something radically different and better. »It's been around for so long, it's got to be good« is not something I would want to say about either.

(At least in the case of SMTP, we have fixed some of the more glaring shortcomings, but there are still lots of problems with the current incarnation that are probably going to stick around for a very long time. With syslog, nothing of the sort is in evidence – we still have the hard-coded facility list we used to have, and there is no provision for authentication, to name but two existing issues.)

That newfangled Journal thing

Posted Nov 24, 2011 11:20 UTC (Thu) by dlang (guest, #313) [Link] (1 responses)

You are correct that the original syslog protocol, RFCs, and implementations were seriously lacking in security, reliability and performance.

However, syslog-ng and rsyslog have added many options that address these concerns, all in ways that are optional extensions from the base, and require no significant changes if you don't use them (the syntax of the config file is the biggest change, and rsyslog lets you ignore most of that if you want to).

Yes, there are still the hard-coded facility and severity lists; however, I don't think that anyone who is doing real serious work with syslog really uses those. Instead, the far more flexible filtering of the modern syslog daemons is used.

Go take a serious look at rsyslog (the default on just about every distro, even if some of them have old versions). It has a lot of capabilities that you would not have thought of a few years ago.

That newfangled Journal thing

Posted Nov 24, 2011 15:15 UTC (Thu) by anselm (subscriber, #2796) [Link]

I'm familiar with rsyslogd, thank you very much. However, I think any long-overdue improvements to the logging infrastructure should not depend on running specific software packages at either end. In particular, rsyslogd is still being fed free-format, unauthenticated syslog-style messages – it may be quite a bit more clever in dealing with them than plain syslogd, but there are still opportunities for improvement that rsyslogd alone does not address.

I'm not saying that Lennart's and Kay's proposal should immediately be adopted by everyone. I don't even think Lennart and Kay expect that. We should really consider it as a starting point for tests and a reasonable discussion, rather than dismiss it outright as »heresy« or some of the other things that have been mentioned here.

That newfangled Journal thing

Posted Dec 1, 2011 23:29 UTC (Thu) by jimi (guest, #6655) [Link]

> There is widespread consensus that it [syslog] sucks in important respects

There is?

