replacing rsyslogd in minimal with journald [was Re: systemd requires HTTP server and serves QR codes]

Lennart Poettering mzerqung at 0pointer.de
Wed Oct 10 18:21:30 UTC 2012


On Wed, 10.10.12 17:05, Miloslav Trma─Ź (mitr at volny.cz) wrote:

> On Tue, Oct 9, 2012 at 11:24 PM, Lennart Poettering
> <mzerqung at 0pointer.de> wrote:
> > I am not generally against adding time-based rotation, but really, this
> > is much less of a "necessity" than other things the journal provides,
> > which syslog does not: for example per-service rate limits,
> 
> False.  http://www.rsyslog.com/doc/imuxsock.html, "There is input rate
> limiting available", currently enabled by default in Fedora.

I know, I asked Rainer to add that.

But this is actually much less useful than what the journal does: it's
per-pid, not per-service.

> > and
> > unfakable meta-data for log messages.
> 
> False: http://www.rsyslog.com/doc/imuxsock.html, "trusted syslog
> properties are available" (and in v7 they can be enabled in the Fedora[M#}5
> configuration by default)

Yes, I know, I asked Rainer to add that. But it's not on, and there's no
accepted syntax for syslog messages to carry this, and it's pretty
incomplete. No selinux labels, no audit, and no service information.

> For the cryptographic protection, false.
> http://cgit.freedesktop.org/systemd/systemd/tree/man/journalctl.xml#n358
> defaults to 15 minutes, which is an eternity.

This is not what I talked of. I simply was pointing to the fact that
messages end up in /var/log/messages that cannot be traced back to who
actually sent them.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.


More information about the devel mailing list