FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 10-09-2012, 10:40 PM
Stephen John Smoogen
 
Default replacing rsyslogd in minimal with journald

On 9 October 2012 16:24, Matthew Miller <mattdm@fedoraproject.org> wrote:
> On Tue, Oct 09, 2012 at 04:20:14PM -0600, Stephen John Smoogen wrote:
>> > "If you have strict requirements on time-based logging rotation or
>> > certain audit requirements, then something like rsyslog(?) is required
>> > in parallel with the journal. In most other cases (desktops, tablets,
>> > many servers) the journal is sufficient."
>> *patch acked*
>
> Okay, so, given that: isn't systemd with time-based rotation logging more
> desirable than pushing that aspect off to rsyslog, because rsyslog loses the
> secure logging aspect?

OK I don't know enough of the journald "file" format and such to answer this.

> I would also note that the scope of organizations that have requirements for
> time-based rotation are much, much larger than than the set of organizations
> who need their servers to crash on error. It's an important use case, not
> just a thought experiment.

Yes they are but I think they would be in the same field of not being
the main candidate of using just the journal. Mainly because they
require sending the data to centralized locations, timestamping in
required formats etc.

--
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me." —James Stewart as Elwood P. Dowd
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-09-2012, 11:11 PM
Dan Williams
 
Default replacing rsyslogd in minimal with journald

On Tue, 2012-10-09 at 15:41 -0600, Stephen John Smoogen wrote:
> On 9 October 2012 15:24, Lennart Poettering <mzerqung@0pointer.de> wrote:
> > On Tue, 09.10.12 16:53, Simo Sorce (simo@redhat.com) wrote:
>
> > If you want audit-like semantics with crashing if we cannot write, then
> > use something else, not the journal. The journal is supposed to be
> > robust and do the right thing so that you can leave it unnatteneded and
> > whatever happens it didn't spill the disk or become unavailable. It's
> > supposed to be "zero maintainance".
>
> So in those cases rsyslog would be required, but would be seen as a
> post-install step.
>
> EG what you are looking at is building a GNOME-OS and for those sorts
> of tablets, etc the journal is right for that. The other cases like at
> a Hospital, trading firm or various .gov.XX then having rsyslog
> installed with audit post would be the way to get the needed features.

That's a completely manufactured fake dichotomy. So either we're
building an OS for tablets, or we're building an OS for Goldman Sachs?
And nothing in between? Come on...

Dan

>
> --
> Stephen J Smoogen.
> "Don't derail a useful feature for the 99% because you're not in it."
> Linus Torvalds
> "Years ago my mother used to say to me,... Elwood, you must be oh
> so smart or oh so pleasant. Well, for years I was smart. I
> recommend pleasant. You may quote me." —James Stewart as Elwood P. Dowd


--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-09-2012, 11:18 PM
Dan Williams
 
Default replacing rsyslogd in minimal with journald

On Tue, 2012-10-09 at 15:57 -0600, Stephen John Smoogen wrote:
> On 9 October 2012 15:50, Matthew Miller <mattdm@fedoraproject.org> wrote:
> > On Tue, Oct 09, 2012 at 03:41:51PM -0600, Stephen John Smoogen wrote:
> >> > If you want audit-like semantics with crashing if we cannot write, then
> >> > use something else, not the journal. The journal is supposed to be
> >> > robust and do the right thing so that you can leave it unnatteneded and
> >> > whatever happens it didn't spill the disk or become unavailable. It's
> >> > supposed to be "zero maintainance".
> >>
> >> So in those cases rsyslog would be required, but would be seen as a
> >> post-install step.
> >>
> >> EG what you are looking at is building a GNOME-OS and for those sorts
> >> of tablets, etc the journal is right for that. The other cases like at
> >> a Hospital, trading firm or various .gov.XX then having rsyslog
> >> installed with audit post would be the way to get the needed features.
> >
> > If so, this seems unfortunate, because the other features discussed (e.g.,
> > trustable metadata) would be very welcome in these environments. Can't the
> > enterprise have nice things?
>
> Sorry I didn't mean to make that either/or. The enterprise gets the
> journald but does not get to keep its contents unless there is a
> program that sends it to say rsyslog.

Ah; I think what you meant to say is:

"*IF* what you are looking at..."

but I'd suggest instead:

"If you have strict requirements on time-based logging rotation or
certain audit requirements, then something like rsyslog(?) is required
in parallel with the journal. In most other cases (desktops, tablets,
many servers) the journal is sufficient."

No?

Dan

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 02:30 AM
Simo Sorce
 
Default replacing rsyslogd in minimal with journald

On Tue, 2012-10-09 at 23:24 +0200, Lennart Poettering wrote:
> I am not generally against adding time-based rotation, but really,
> this
> is much less of a "necessity" than other things the journal provides,
> which syslog does not: for example per-service rate limits, and
> unfakable meta-data for log messages. I mean, really, how can we ship
> a syslog where every random user can fake messages, say they are from
> a privileged process and offer no way how to detect that?


I am not saying you need to remove any of the good features, not even
sure why you seem to make an either/or case.

The point of adding time based rotation is exactly so that *more* users
can use it and benefit from the other features.

> > Also rotating based on use is generally annoying to admins, as it
> makes
> > more difficult to predict where stuff will end up and what will
> > deterministically be in backups.
>
> For some sure, for most not.

For most people you could simply throw away multiuser support and always
run as root, I don't think that makes for a good argument to do so
anyway.

> > logrotate has time based policies for very good reasons.
>
> Yeah, because Unix doesn't really allow much else...
>
Oh come on, stop bashing unix, logrotate could certainly grow a size
checking policy if people felt the need, unix is not holding you back,
in fact you are building this stuff on a unix-like system.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 02:33 AM
Matthew Miller
 
Default replacing rsyslogd in minimal with journald

On Tue, Oct 09, 2012 at 10:30:38PM -0400, Simo Sorce wrote:
> Oh come on, stop bashing unix, logrotate could certainly grow a size
> checking policy if people felt the need, unix is not holding you back,
> in fact you are building this stuff on a unix-like system.

In fact, logrotate _has_ a size checking policy and has for years. Possibly
always. The main drawback is that with nightly runs, a log which grows
suddenly during the day may grow out of control.

--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@fedoraproject.org>
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 02:45 AM
Simo Sorce
 
Default replacing rsyslogd in minimal with journald

On Tue, 2012-10-09 at 22:33 -0400, Matthew Miller wrote:
> On Tue, Oct 09, 2012 at 10:30:38PM -0400, Simo Sorce wrote:
> > Oh come on, stop bashing unix, logrotate could certainly grow a size
> > checking policy if people felt the need, unix is not holding you back,
> > in fact you are building this stuff on a unix-like system.
>
> In fact, logrotate _has_ a size checking policy and has for years. Possibly
> always. The main drawback is that with nightly runs, a log which grows
> suddenly during the day may grow out of control.

Yeah I meant more of an online checker based on something like inotify
that would run the logrotate job ahead of time if needed. It's not
rocket science, but if it is not widespread it probably means that
either those in need use alternative log rotation tools, or people never
felt the urge to do it.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 03:31 AM
Stephen John Smoogen
 
Default replacing rsyslogd in minimal with journald

On 9 October 2012 20:45, Simo Sorce <simo@redhat.com> wrote:
> On Tue, 2012-10-09 at 22:33 -0400, Matthew Miller wrote:
>> On Tue, Oct 09, 2012 at 10:30:38PM -0400, Simo Sorce wrote:
>> > Oh come on, stop bashing unix, logrotate could certainly grow a size
>> > checking policy if people felt the need, unix is not holding you back,
>> > in fact you are building this stuff on a unix-like system.
>>
>> In fact, logrotate _has_ a size checking policy and has for years. Possibly
>> always. The main drawback is that with nightly runs, a log which grows
>> suddenly during the day may grow out of control.
>
> Yeah I meant more of an online checker based on something like inotify
> that would run the logrotate job ahead of time if needed. It's not
> rocket science, but if it is not widespread it probably means that
> either those in need use alternative log rotation tools, or people never
> felt the urge to do it.

At previous jobs I have seen it usually done by moving logrotate to
every hour or smaller time frame using a custom config that only
checked the sizes of files. I think they had some sort of inotify tool
also but it had a tendency to go bonkers at times.


--
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me." —James Stewart as Elwood P. Dowd
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 06:42 AM
Rahul Sundaram
 
Default replacing rsyslogd in minimal with journald

On 10/09/2012 09:42 PM, Matthew Miller wrote:

On Tue, Oct 09, 2012 at 11:59:08AM -0400, Simo Sorce wrote:

In current versions .service is implied if no extension is provided:
https://bugs.freedesktop.org/show_bug.cgi?id=39386

About time :-)


Awesome.

And I want to take a moment to thank everyone for listening to these
concerns. I'm optimistic that we can make this all work very nicely.


Is this documented in the relevant man pages as well?

Rahul

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 07:50 AM
Bjrn Persson
 
Default replacing rsyslogd in minimal with journald

Lennart Poettering wrote:
> On Tue, 09.10.12 09:09, Chris Adams (cmadams@hiwaay.net) wrote:
> > How do you read this log when the system is not running (e.g.
> > mounting filesystems of a drive on another system, running from a
> > rescue image, etc.)?
>
> journalctl -D <pathtothejournalfiles>

So the rescue system (which might not always be Fedora) must have
journalctl installed. Is the file format stable, or can it break if the
rescue system has a different version of journalctl? Is the format
perchance even documented so that other tools for reading logs could be
written?

Bjrn Persson

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 07:54 AM
Frank Murphy
 
Default replacing rsyslogd in minimal with journald

On 09/10/12 15:16, Lennart Poettering wrote:


journalctl -D <pathtothejournalfiles>

Lennart



Can journalctl send the logs via logwatch?

--
Regards,
Frank
"Jack of all, fubars"
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 12:16 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org