replacing rsyslogd in minimal with journald [was Re: systemd requires HTTP server and serves QR codes]

Konstantin Ryabitsev icon at
Wed Oct 10 19:31:54 UTC 2012

On Tue, Oct 9, 2012 at 5:24 PM, Lennart Poettering <mzerqung at> wrote:
> I am not generally against adding time-based rotation, but really, this
> is much less of a "necessity" than other things the journal provides,
> which syslog does not: for example per-service rate limits, and
> unfakable meta-data for log messages. I mean, really, how can we ship
> a syslog where every random user can fake messages, say they are from a
> privileged process and offer no way to detect that?

I think you overestimate how much a sysadmin cares about fake
messages. The thing that's really important to a sysadmin is to make
sure that none of the REAL messages are lost. If someone fakes root
login entries by using something as trivial as "logger", I can easily
establish they are fake by looking at auditd logs. And then I would
*really* make that user regret their actions by using blunt
cryptanalysis tools.

So, it's not accurate to say that we don't currently have ways to detect that.

Konstantin Ryabitsev
Montréal, Québec
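
The cross-check described in the message above, as an added example that is not part of the original post: syslog lines claiming an sshd login are flagged when no auditd `USER_LOGIN` success record for the same account exists within a few seconds. The log lines, host name, addresses and function names are constructed for illustration; the audit field layout is simplified and varies between audit versions, and syslog timestamps are assumed to be UTC.

```python
import calendar
import re
import time

# Constructed sample data: one genuine login, one line injected via syslog.
SYSLOG = [
    "Oct 10 19:31:54 host1 sshd[2211]: Accepted password for root from 192.0.2.10 port 40022 ssh2",
    "Oct 10 19:40:00 host1 sshd[9999]: Accepted password for root from 192.0.2.99 port 40100 ssh2",
]
AUDIT = [
    "type=USER_LOGIN msg=audit(1349897514.201:812): user pid=2211 uid=0 auid=0 ses=3 "
    "msg='op=login acct=\"root\" exe=\"/usr/sbin/sshd\" hostname=? addr=192.0.2.10 "
    "terminal=ssh res=success'",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted \S+ for (?P<acct>\S+) from ")
AUDIT_RE = re.compile(
    r"^type=USER_LOGIN msg=audit\((?P<epoch>\d+)\.\d+:\d+\):.*"
    r"acct=\"(?P<acct>[^\"]+)\".*exe=\"/usr/sbin/sshd\".*res=success")

def audited_logins(audit_lines):
    """Return (epoch_seconds, account) for each successful sshd login in the audit log."""
    found = []
    for line in audit_lines:
        m = AUDIT_RE.match(line)
        if m:
            found.append((int(m["epoch"]), m["acct"]))
    return found

def unbacked_logins(syslog_lines, audit_lines, year, window=5):
    """Return syslog login lines that have no audit record within `window` seconds."""
    audited = audited_logins(audit_lines)
    suspect = []
    for line in syslog_lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so the caller supplies it.
        ts = calendar.timegm(time.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
        if not any(a == m["acct"] and abs(e - ts) <= window for e, a in audited):
            suspect.append(line)
    return suspect

if __name__ == "__main__":
    for line in unbacked_logins(SYSLOG, AUDIT, 2012):
        print("no audit record for:", line)
```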
