On 2014-06-04 12:04, Anton Aylward wrote:
> The indexing of the database did all the hard work :-)
>
> All alarms, analysis, reports were made from that SQL database. In the multi-machine environment it was the only way to deal with all the info.
>
> The Syslog was handled by the InfoSec department, not by operations. Part of the reason for the database was to be able to trace activity that spanned machines, routers, firewalls.
>
> There is simply no way that a human could analyse that much data, so a human-readable text file was irrelevant.
True. And I worked with a product that automatically collected text logs from ancient machines (that log to a printer or to internal files), scanned them, and converted all that into a central structured database, which was then used to generate alarms and alert technicians in the central control center. Quite an expensive product, I believe. So yes, binary, database-style system logs do make a lot of sense.

However, in that same control center I often used plain zgrep (or rather cgrep) on an alternative Linux server that also collected the same text logs, in order to quickly search for issues, mostly issues that were not clearly defined. Text logs are simple for a human to use, and easier to use for finding as-yet-undefined problems.

The problem, however, was that the central machine and database were very slow and difficult to handle. The interface was via web browsers and Java or JavaScript (I don't remember which, sorry). Java, probably. Our desktop machines with about 64 MiB of RAM bent under that load. So we technicians usually bypassed the system if we could - but the idea of the organized database was absolutely correct, only incorrectly implemented. Maybe they should have created a client-server database structure, to offload things to the client machines. No matter, not relevant here.

All my openSUSE machines currently have both the classic-style syslog and a non-permanent systemd journal. I believe this is the current default; I don't remember setting this up manually. So I think the discussion here blaming systemd for perverting the system log is moot, because we have both styles of logs active. Traditional logs have not been removed. So if systemd adds a binary log, and it is not enforced, I see no issue with it. Welcome! Actually, that log is better for finding issues with systemd itself and with services.

The only verified big issue with the persistent systemd journal I know about is that searching it is currently horribly slow if the disk is magnetic.
Just printing the log to screen makes the disk head move madly. There have been reports here of it taking hours, not even minutes. But those are implementation issues. The idea is sound. In fact, you can also tell rsyslog and others to write the traditional syslog into a MySQL binary database! Nothing new here. (And no, I'm not a systemd lover. I rather hate it. But as it is what we have, I adapt.)

-- 
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
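The two sides of the thread above are really one point: text logs are what you grep when you do not yet know what you are looking for, and an indexed database is what lets you trace one actor across firewall, router and hosts. The example below is added here and is not code from either poster, from openSUSE, rsyslog or systemd. It parses a handful of constructed RFC 3164-style syslog lines (hosts, addresses and messages are made up; the year is assumed to be 2014 because BSD syslog timestamps carry none) into an indexed SQLite table, extracts every IPv4 address into a side table, and then answers the cross-machine question Anton describes: which addresses show up on more than one box, and what did a given address do, in order, across all of them. A plain regex search over the raw lines is kept beside it as the "zgrep" path.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample lines in classic BSD syslog layout (not from the page).
# A scanner hits the firewall, brute-forces sshd on host10, and host10 then
# tries the database server through rtr01. Everything here is made up.
SAMPLE_LOGS = [
    "Jun  4 12:00:01 fw01 kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.10 DPT=22 ACCEPT",
    "Jun  4 12:00:02 host10 sshd[2231]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "Jun  4 12:00:04 host10 sshd[2231]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "Jun  4 12:00:05 host10 sshd[2240]: Accepted password for root from 203.0.113.7 port 51240 ssh2",
    "Jun  4 12:00:09 rtr01 acl: list 101 permitted tcp 192.0.2.10 -> 198.51.100.5(3306)",
    "Jun  4 12:00:10 db01 mysqld[981]: Access denied for user 'root'@'192.0.2.10' (using password: YES)",
    "Jun  4 12:30:00 host11 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]

ASSUMED_YEAR = 2014  # assumption: BSD syslog timestamps have no year field

# "Mon DD HH:MM:SS host tag: message"; the tag may carry a [pid] suffix.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(?P<host>\S+)\s(?P<tag>[^:]+):\s(?P<msg>.*)$"
)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_line(line):
    """Return (iso_ts, host, tag, msg) for one syslog line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Collapse the double space in "Jun  4" before handing it to strptime.
    stamp = " ".join(m["ts"].split())
    ts = datetime.strptime(f"{ASSUMED_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
    return ts.isoformat(sep=" "), m["host"], m["tag"], m["msg"]


def load(lines):
    """Load text log lines into an in-memory SQLite database with the indexes that do the hard work."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE events (id INTEGER PRIMARY KEY, ts TEXT, host TEXT, tag TEXT, msg TEXT);
        CREATE TABLE event_ips (event_id INTEGER REFERENCES events(id), ip TEXT);
        CREATE INDEX idx_events_host_ts ON events(host, ts);
        CREATE INDEX idx_event_ips_ip ON event_ips(ip);
        """
    )
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: in production you would count and keep it, not drop it
        cur = conn.execute("INSERT INTO events(ts, host, tag, msg) VALUES (?, ?, ?, ?)", rec)
        for ip in set(IP_RE.findall(rec[3])):
            conn.execute("INSERT INTO event_ips VALUES (?, ?)", (cur.lastrowid, ip))
    conn.commit()
    return conn


def trace_ip(conn, ip):
    """Every event on every host that mentions `ip`, in time order: the cross-machine trace."""
    return conn.execute(
        """
        SELECT e.ts, e.host, e.tag, e.msg FROM events e
        JOIN event_ips i ON i.event_id = e.id
        WHERE i.ip = ? ORDER BY e.ts, e.id
        """,
        (ip,),
    ).fetchall()


def ips_spanning_hosts(conn, min_hosts=2):
    """Addresses seen on at least `min_hosts` distinct machines, with the sorted host list for each."""
    rows = conn.execute(
        "SELECT DISTINCT i.ip, e.host FROM event_ips i JOIN events e ON e.id = i.event_id"
    ).fetchall()
    by_ip = {}
    for ip, host in rows:
        by_ip.setdefault(ip, set()).add(host)
    return {ip: sorted(hosts) for ip, hosts in by_ip.items() if len(hosts) >= min_hosts}


def grep(lines, pattern):
    """The text-log path: an ad hoc regex over the raw lines, no schema needed."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]


if __name__ == "__main__":
    db = load(SAMPLE_LOGS)
    for ip, hosts in sorted(ips_spanning_hosts(db).items()):
        print(f"{ip} seen on {', '.join(hosts)}")
        for ts, host, tag, msg in trace_ip(db, ip):
            print(f"  {ts} {host} {tag}: {msg}")
    print("grep:", grep(SAMPLE_LOGS, r"Failed password"))
```

The database path finds that 203.0.113.7 touched fw01 and host10, and that host10's own address then turned up on rtr01 and db01, which no single host's log would have shown. The grep path answers "show me failed logins" in one line but gives no way to join host10's sshd entries to the router and database entries. Whether the backing store is MySQL behind rsyslog, the systemd journal, or SQLite as here, it is the indexes on host, time and extracted fields that make the multi-machine query cheap; a sequential scan of the same data is what produces the "hours, not minutes" complaint.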