10-10-2012, 12:56 PM
"Richard W.M. Jones"

replacing rsyslogd in minimal with journald

On Wed, Oct 10, 2012 at 02:54:13PM +0200, drago01 wrote:
> On Wed, Oct 10, 2012 at 12:49 PM, Richard W.M. Jones <rjones@redhat.com> wrote:
> > On Wed, Oct 10, 2012 at 10:11:03AM +0000, "Jóhann B. Guðmundsson" wrote:
> >> On 10/10/2012 08:54 AM, Richard W.M. Jones wrote:
> >> >This would be essential for libguestfs tools to parse logs out of
> >> >guests (we do it now by reading /var/log/messages etc which has all of
> >> >the properties you state).
> >>
> >> I'm not sure how you are doing this currently but for shutdown guest
> >> I assume you would mount then run something like
> >>
> >> journalctl -D /path/to/journal/files | the script you use to parse the logs
> >
> > The question is whether this works with different versions of journal
> > on the host and in the guest. A typical case we have to deal with is
> > someone running a stable RHEL host, and Fedora guests
> > (ie. host version < guest version).
>
> Can't you run the journal from the guest? Or does this open another
> can of worms?

Security worms, yes.

We try very much to avoid running code from the guest. cf. grub
problems previously discussed on this list.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
10-10-2012, 03:05 PM
Miloslav Trmač

replacing rsyslogd in minimal with journald

I apologize, I'm ill and not generally up to providing detailed
responses. So just some sourced facts to counter [1] untruths.

For education on what current syslogs do,
http://blog.gerhards.net/2012/10/main-advantages-of-rsyslog-v7-vs-v5.html
is a possible start and http://www.rsyslog.com/doc/manual.html
contains much more.

On Tue, Oct 9, 2012 at 11:24 PM, Lennart Poettering
<mzerqung@0pointer.de> wrote:
> I am not generally against adding time-based rotation, but really, this
> is much less of a "necessity" than other things the journal provides,
> which syslog does not: for example per-service rate limits,

False. http://www.rsyslog.com/doc/imuxsock.html, "There is input rate
limiting available", currently enabled by default in Fedora.

> and
> unfakable meta-data for log messages.

False: http://www.rsyslog.com/doc/imuxsock.html, "trusted syslog
properties are available" (and in v7 they can be enabled in the Fedora
configuration by default)

On Wed, Oct 10, 2012 at 12:08 AM, Lennart Poettering
<mzerqung@0pointer.de> wrote:
> I am not a security guy, but having
> logs where unprivileged users cannot insert undetectable fakes
(Re: the implied claim that systemd provides that):

For the "unprivileged user" part, see above.

For the cryptographic protection, false.
http://cgit.freedesktop.org/systemd/systemd/tree/man/journalctl.xml#n358
defaults to 15 minutes, which is an eternity.
Mirek

[1] An adjective belongs here. I can think of about 10 candidates,
but I feel too ill and grumpy to trust myself to choose well.
 
10-10-2012, 04:13 PM
Kay Sievers

replacing rsyslogd in minimal with journald

On Wed, Oct 10, 2012 at 5:05 PM, Miloslav Trmač <mitr@volny.cz> wrote:
> On Tue, Oct 9, 2012 at 11:24 PM, Lennart Poettering <mzerqung@0pointer.de> wrote:

>> which syslog does not: for example per-service rate limits,
>
> False. http://www.rsyslog.com/doc/imuxsock.html, "There is input rate
> limiting available", currently enabled by default in Fedora.

Insufficient in rsyslog. And it's right what Lennart said. This really
needs to be per service/user not per pid. Pids are almost entirely
useless to key-off here.

>> and
>> unfakable meta-data for log messages.
>
> False: http://www.rsyslog.com/doc/imuxsock.html, "trusted syslog
> properties are available" (and in v7 they can be enabled in the Fedora
> configuration by default)

It's well meant, but really, it sounds more like a joke. Adding
"garbage" to the end of the human readable plain text is not
comparable with the journal.

> On Wed, Oct 10, 2012 at 12:08 AM, Lennart Poettering
> <mzerqung@0pointer.de> wrote:
>> I am not a security guy, but having
>> logs where unprivileged users cannot insert undetectable fakes
> (Re: the implied claim that systemd provides that):

It surely does provide it. Rsyslog can do something similar, but
really, with pushing stuff into plain text files, mixing it into the
human readable message it can't really get too far without creating a
mess in the files.

> For the "unprivileged user" part, see above.
>
> For the cryptographic protection, false.

It's not about tamper-proof log files, it was about unfakeable message
source context.

> http://cgit.freedesktop.org/systemd/systemd/tree/man/journalctl.xml#n358
> defaults to 15 minutes, which is an eternity.

The sealing was not even mentioned, but it's still better than
nothing. And 15 min are the current default, and this will change as
soon as the details are hashed out to efficiently move the sealing
forward in time.

> [1] An adjective belongs here. I can think of about 10 candidates,
> but I feel too ill and grumpy to trust myself to choose well.

I'm sure you should wait until you are back to full speed. Your
comparison seems pretty badly researched.

Thanks,
Kay
 
10-10-2012, 04:18 PM
Miloslav Trmač

replacing rsyslogd in minimal with journald

On Wed, Oct 10, 2012 at 6:13 PM, Kay Sievers <kay@vrfy.org> wrote:
>>> and
>>> unfakable meta-data for log messages.
>>
>> False: http://www.rsyslog.com/doc/imuxsock.html, "trusted syslog
>> properties are available" (and in v7 they can be enabled in the Fedora
>> configuration by default)
>
> It's well meant, but really, it sounds more like a joke. Adding
> "garbage" to the end of the human readable plain text is not
> comparable with the journal.

That's where the v7 reference comes in - stored as a Lumberjack field.
Mirek
 
10-10-2012, 06:15 PM
Lennart Poettering

replacing rsyslogd in minimal with journald

On Tue, 09.10.12 22:30, Simo Sorce (simo@redhat.com) wrote:

> > > logrotate has time based policies for very good reasons.
> >
> > Yeah, because Unix doesn't really allow much else...
> >
> Oh come on, stop bashing unix, logrotate could certainly grow a size
> checking policy if people felt the need, unix is not holding you back,
> in fact you are building this stuff on a unix-like system.

Ah, Unix cron can start things based on disk space changes? Interesting,
I wasn't aware of that. I thought it only could start logrotate by time,
not by disk space changes...

Lennart

--
Lennart Poettering - Red Hat, Inc.
 
10-10-2012, 06:16 PM
Seth Vidal

replacing rsyslogd in minimal with journald

On Wed, 10 Oct 2012, Lennart Poettering wrote:

> On Tue, 09.10.12 22:30, Simo Sorce (simo@redhat.com) wrote:
>
> > > > logrotate has time based policies for very good reasons.
> > >
> > > Yeah, because Unix doesn't really allow much else...
> > >
> > Oh come on, stop bashing unix, logrotate could certainly grow a size
> > checking policy if people felt the need, unix is not holding you back,
> > in fact you are building this stuff on a unix-like system.
>
> Ah, Unix cron can start things based on disk space changes? Interesting,
> I wasn't aware of that. I thought it only could start logrotate by time,
> not by disk space changes...

yum info incron

Description : This program is an "inotify cron" system.
: It consists of a daemon and a table manipulator.
: You can use it a similar way as the regular cron.
: The difference is that the inotify cron handles
: filesystem events rather than time periods.

-sv

 
10-10-2012, 06:21 PM
Lennart Poettering

replacing rsyslogd in minimal with journald

On Wed, 10.10.12 17:05, Miloslav Trmač (mitr@volny.cz) wrote:

> On Tue, Oct 9, 2012 at 11:24 PM, Lennart Poettering
> <mzerqung@0pointer.de> wrote:
> > I am not generally against adding time-based rotation, but really, this
> > is much less of a "necessity" than other things the journal provides,
> > which syslog does not: for example per-service rate limits,
>
> False. http://www.rsyslog.com/doc/imuxsock.html, "There is input rate
> limiting available", currently enabled by default in Fedora.

I know, I asked Rainer to add that.

But this is actually much less useful than what the journal does: it's
per-pid, not per-service.

> > and
> > unfakable meta-data for log messages.
>
> False: http://www.rsyslog.com/doc/imuxsock.html, "trusted syslog
> properties are available" (and in v7 they can be enabled in the Fedora
> configuration by default)

Yes, I know, I asked Rainer to add that. But it's not on, and there's no
accepted syntax for syslog messages to carry this, and it's pretty
incomplete. No selinux labels, no audit, and no service information.

> For the cryptographic protection, false.
> http://cgit.freedesktop.org/systemd/systemd/tree/man/journalctl.xml#n358
> defaults to 15 minutes, which is an eternity.

This is not what I talked of. I simply was pointing to the fact that
messages end up in /var/log/messages that cannot be traced back to who
actually sent them.

Lennart

--
Lennart Poettering - Red Hat, Inc.
 
10-10-2012, 06:25 PM
Seth Vidal

replacing rsyslogd in minimal with journald

On Wed, 10 Oct 2012, Lennart Poettering wrote:

> On Wed, 10.10.12 14:16, Seth Vidal (skvidal@fedoraproject.org) wrote:
>
> > > On Tue, 09.10.12 22:30, Simo Sorce (simo@redhat.com) wrote:
> > >
> > > > > > logrotate has time based policies for very good reasons.
> > > > >
> > > > > Yeah, because Unix doesn't really allow much else...
> > > > >
> > > > Oh come on, stop bashing unix, logrotate could certainly grow a size
> > > > checking policy if people felt the need, unix is not holding you back,
> > > > in fact you are building this stuff on a unix-like system.
> > >
> > > Ah, Unix cron can start things based on disk space changes? Interesting,
> > > I wasn't aware of that. I thought it only could start logrotate by time,
> > > not by disk space changes...
> >
> > yum info incron
> >
> > Description : This program is an "inotify cron" system.
> > : It consists of a daemon and a table manipulator.
> > : You can use it a similar way as the regular cron.
> > : The difference is that the inotify cron handles
> > : filesystem events rather than time periods.
>
> And rsyslog pulls that in? I wasn't aware of that. I am learning new
> stuff every day...

I never said anything like that.

I said it existed.

Please stop adding words where they are not.

-sv

 
10-10-2012, 06:26 PM
Lennart Poettering

replacing rsyslogd in minimal with journald

On Wed, 10.10.12 14:16, Seth Vidal (skvidal@fedoraproject.org) wrote:

> >On Tue, 09.10.12 22:30, Simo Sorce (simo@redhat.com) wrote:
> >
> >>>>logrotate has time based policies for very good reasons.
> >>>
> >>>Yeah, because Unix doesn't really allow much else...
> >>>
> >>Oh come on, stop bashing unix, logrotate could certainly grow a size
> >>checking policy if people felt the need, unix is not holding you back,
> >>in fact you are building this stuff on a unix-like system.
> >
> >Ah, Unix cron can start things based on disk space changes? Interesting,
> >I wasn't aware of that. I thought it only could start logrotate by time,
> >not by disk space changes...
>
> yum info incron
>
> Description : This program is an "inotify cron" system.
> : It consists of a daemon and a table manipulator.
> : You can use it a similar way as the regular cron.
> : The difference is that the inotify cron handles
> : filesystem events rather than time periods.

And rsyslog pulls that in? I wasn't aware of that. I am learning new
stuff every day...

Lennart

--
Lennart Poettering - Red Hat, Inc.
 
10-10-2012, 06:32 PM
Lennart Poettering

replacing rsyslogd in minimal with journald

On Wed, 10.10.12 08:54, Frank Murphy (frankly3d@gmail.com) wrote:

> On 09/10/12 15:16, Lennart Poettering wrote:
>
> >journalctl -D <pathtothejournalfiles>
> >
> >Lennart
> >
>
> Can journalctl send the logs via logwatch?

Not sure I can parse this, but IIUC you are wondering whether logwatch
is compatible with the journal. Not to my knowledge, no. But adding this
should be fairly easy as the output of "journalctl" is a pixel-perfect
copy of the original format, so where it works on /var/log/messages it
should simply work on the output of journalctl and all should be good.

Note however that with the capabilities of the journal it might be
interesting to add journal support to logwatch that goes beyond mere
compatibility. For example, tests such as "look for messages which are
claimed to come from PID xyz but actually came from uvw" and suchlike
would be really interesting to have. That information is not available
in the /var/log/messages format however...

Lennart

--
Lennart Poettering - Red Hat, Inc.
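
The check described in the message above ("claimed to come from PID xyz but actually came from uvw"), as an added example that is not part of the original thread or of logwatch. It assumes the journal's JSON export (`journalctl -o json`), where `SYSLOG_PID` is the value supplied by the sender and `_PID` is the value journald records itself; the sample records are constructed.

```python
import json

# Constructed sample in the shape `journalctl -o json` emits: one JSON object
# per line, field values as strings. Not taken from a real system.
SAMPLE = "\n".join(json.dumps(r) for r in [
    {"_PID": "812", "_UID": "0", "_COMM": "sshd", "SYSLOG_IDENTIFIER": "sshd",
     "SYSLOG_PID": "812", "MESSAGE": "Accepted publickey for alice"},
    {"_PID": "4410", "_UID": "1000", "_COMM": "logger", "SYSLOG_IDENTIFIER": "sshd",
     "SYSLOG_PID": "812", "MESSAGE": "Accepted password for root"},
    {"_PID": "1", "_UID": "0", "_COMM": "systemd", "SYSLOG_IDENTIFIER": "systemd",
     "MESSAGE": "Started OpenSSH server daemon."},
])


def _text(value):
    """Return a field as a string; a repeated field arrives as a list."""
    if isinstance(value, list) and value:
        value = value[0]
    return value.strip() if isinstance(value, str) else None


def find_pid_mismatches(lines):
    """Return records whose sender-claimed PID differs from the recorded one."""
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # blank, truncated or non-JSON line
        if not isinstance(rec, dict):
            continue
        claimed = _text(rec.get("SYSLOG_PID"))  # written by the sender
        actual = _text(rec.get("_PID"))         # added by journald itself
        if claimed is None or actual is None or claimed == actual:
            continue  # nothing claimed, or claim matches
        findings.append({
            "claimed_pid": claimed,
            "actual_pid": actual,
            "actual_uid": _text(rec.get("_UID")),
            "actual_comm": _text(rec.get("_COMM")),
            "claimed_ident": _text(rec.get("SYSLOG_IDENTIFIER")),
            "message": _text(rec.get("MESSAGE")),
        })
    return findings


if __name__ == "__main__":
    for finding in find_pid_mismatches(SAMPLE.splitlines()):
        print(json.dumps(finding))
```

On real data, pass it the lines of `journalctl -o json`, or of `journalctl -D <pathtothejournalfiles> -o json` for journal files read from another system. A mismatch is a lead for review rather than proof of a forged message.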