replacing rsyslogd in minimal with journald [was Re: systemd requires HTTP server and serves QR codes]

Fri Oct 12 23:36:34 UTC 2012

On Fri, 12.10.12 15:29, Bill Nottingham (notting at redhat.com) wrote:

Heya,

> And we've got a lot of technology going around. journald - that's
> technology. rsyslog - that's technology. libumberlog & ceelog - that's
> technology.

THis really makes me wonder where CEE actually belongs in this. Is
anybody using this currently? What area is this supposed to cover that
is not already covered by the journal or rsyslog? Is there really room
for another format besides BSD syslog and journal records? So, what's
our story here with CEE?

> If people want CEE format logs, or plain text logs, maybe journald should
> grow those as output formats. 

To me it appears that CEE isn't widely accepted so far (heck, not even
properly defined as multiple different vocabularies for fields are
floating around), and I am bit unsure where it really fits in the big
picture. I am a bit conservative in adding output formatting for CEE if
it isn't clear that there is a need for CEE, that it's going to stick
around for long and we actually have people using this.

> Or maybe rsyslog should produce those formats.  Maybe rsyslog should
> grow a journald plugin, so instead of duplicating some of journald's
> code for associating entries with pid/exec/etc., it can read the
> already annotated journal stream and add its own metadata & spit out
> whatever formats it wants. (Maybe it already does this!)

Yes, this would certainly be useful. If rsyslog wants access to the full
data stream systemd generates then using our C APIs is a good choice, it
will get all meta data, and can process them the way they want.

> Maybe rsyslog or journald should take over audit logging in some way.

Since the audit logs contain a lot of useful data we definitely want to
acquire auditing as another input for the journal. In fact, Eric has
been working on kernel support to allow the journal to get a copy of the
audit stream without interfering with auditd.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.