replacing rsyslogd in minimal with journald [was Re: systemd requires HTTP server and serves QR codes]

Miloslav Trma─Ź mitr at volny.cz
Wed Oct 10 15:05:58 UTC 2012


I apologize, I'm ill and not generally up to providing detailed
responses.  So just some sourced facts to counter [1] untruths.

For education on what current syslogs do,
http://blog.gerhards.net/2012/10/main-advantages-of-rsyslog-v7-vs-v5.html
is a possible start and http://www.rsyslog.com/doc/manual.html
contains much more.

On Tue, Oct 9, 2012 at 11:24 PM, Lennart Poettering
<mzerqung at 0pointer.de> wrote:
> I am not generally against adding time-based rotation, but really, this
> is much less of a "necessity" than other things the journal provides,
> which syslog does not: for example per-service rate limits,

False.  http://www.rsyslog.com/doc/imuxsock.html, "There is input rate
limiting available", currently enabled by default in Fedora.

> and
> unfakable meta-data for log messages.

False: http://www.rsyslog.com/doc/imuxsock.html, "trusted syslog
properties are available" (and in v7 they can be enabled in the Fedora
configuration by default)

On Wed, Oct 10, 2012 at 12:08 AM, Lennart Poettering
<mzerqung at 0pointer.de> wrote:
> I am not a security guy, but having
> logs where unprivileged users cannot insert undetectable fakes
(Re: the implied claim that systemd provides that):

For the "unprivileged user" part, see above.

For the cryptographic protection, false.
http://cgit.freedesktop.org/systemd/systemd/tree/man/journalctl.xml#n358
defaults to 15 minutes, which is an eternity.
   Mirek

[1] An adjective belongs here.  I can think of about 10 candidates,
but I feel too ill and grumpy to trust myself to choose well.


More information about the devel mailing list