Hello, On 09/26/2012 07:09 PM, Per Jessen wrote:
Just in case no one else has noticed - there is absolutely no (0, zero) benefit to anyone (user/admin/developer/packager/whoever) in omitting syslog from the default pattern/install. Yet it was suggested and we have been discussing it for quite some time now. I submit it should never have been suggested and certainly not discussed without someone arguing _why_ it is of benefit to the end user and hence worthwhile doing.
I think the suggestion was completely pointless and in the end only caused unnecessary consternation among those openSUSE users that have a use for syslog. The majority of the default openSUSE users (90% according to the thread) don't care anyway, so why waste effort on upsetting the 10%? I guess, I was the one, who opened this can of worms :)
So, here are some systemd journal advantages. Please note, that I do not list here the crypto part, as the journal is local only, and it's easier to 'rm -fr /var/log/journal' than to tamper it :) The primary advantage of the journal is, that it's heavily integrated with the init system (systemd): - logging of early boot related messages is possible, while (r)syslog(-ng) can't be started early enough and only with ugly hacks to catch part of those. - much better logging of apps started by systemd A much hyped feature is "trusted properties", which can help debugging as long as that "rm -fr" did not happen. Just see what is recorded by syslog-ng, and what is recorded by the journal. I created an obviously falsified log message, but I could also spoof an ssh login, or dhcpd IP request into the logs. Using the verbose output of journalctl one can see, that this message is coming from a user and not from a daemon... $ logger -t ooops -i I was where # tail -1 /var/log/messages Sep 27 08:09:00 linux-dbr3 ooops[3147]: I was where # vs. # systemd-journalctl -o verbose Thu, 27 Sep 2012 08:09:00 +0200 [s=3df0698924264732814a4ffbbc73cb76;i=49a;b=80a aa318b95c42748481efeff8fd2150;m=a72e2270;t=4caa8c67f409c;x=a6873d5ab8006c50;p=s ystem.journal] _TRANSPORT=syslog PRIORITY=5 SYSLOG_FACILITY=1 SYSLOG_IDENTIFIER=ooops SYSLOG_PID=3147 MESSAGE=I was where _PID=3147 _UID=1000 _GID=100 _SOURCE_REALTIME_TIMESTAMP=1348726140387051 _BOOT_ID=80aaa318b95c42748481efeff8fd2150 _MACHINE_ID=42f6872bec8588115c31d8de0000095a _HOSTNAME=linux-dbr3.site It has also a circular log file, so it never fills the HDD, but uses a given percentage of it (5% by default AFAIR). So log rotation is not any more a problem. Right now there is double logging by default: the journal collects messages to /var/log/journal and syslog(-ng) to /var/log. One of this is just wasting disk space... And the major advantage from the syslog(-ng) point of view, that most of it can be disabled while the useful part continues to work. As it will still follow apps started by systemd, collect status messages, etc. which is not possible by any syslog implementation on that level. Of course, SLES/SLED have a very different focus, where syslog-ng and central logging are important components. But the vast majority of openSUSE users will never notice, that (r)syslog(-ng) is gone from the default install. Those, who care about logs and logging are not the kind anyway, who install openSUSE with a "next, next, finish" attitude, and will add syslog-ng to a long list of applications, which needs to be installed after the base install is finished. Bye, CzP -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org