Hacker News new | ask | show | jobs
by Sanddancer 4574 days ago
Seeing the removal of syslogd, getting more than a bit grumpy here at the continuing direction Redhat is dragging the Linux world. Journald may serve the basic user well, it can't do half the stuff a good syslogd configuration can do; it can't pipe messages to other processes, it can't send messages to remote servers, it can't send messages to multiple places. If redhat had put in services to let journald do the things syslogd's been able to do since forever, I'd be more ok with its direction, but as it stands, it's proprietary in all but name.
7 comments
andor 4574 days ago
It's not a direct replacement. Journald does stuff that syslog can't do, but it doesn't reimplement everything. Instead, you can pipe to syslog if you want syslog features.

- Journald logs the whole boot process

- Journald can make sure that an item really came from some process. It also tries to seal the journal so that it can't be tempered with.

- It's built into the other systemd tools. For example, when you notice a daemon doesn't start through systemctl, it'll show you the error messages in systemctl status.

link
hdevalence 4574 days ago
Note that the second point is quite important -- it provides a rolling hash of the journal contents that you can send to another machine, so that in the event of a break-in, you can detect any tampering with the syslogs. As I recall, this was inspired by the break-in to the kernel.org servers, where the attacker tampered with the log files. That would be impossible with journald.
link
Sanddancer 4574 days ago
There are syslog daemons that can provide cryptographic security as well. Alternatively, they can also log directly to an SQL database, use SSL client certificates, etc. Modern syslog daemons are quite powerful.
link
mateuszf 4574 days ago
Yeah, but journald works even on plain stdout, stderr. It's hard to beat that.
link
rwmj 4574 days ago
It also provides a pretty sensible API for walking through the log from programs.

http://www.freedesktop.org/software/systemd/man/sd-journal.h...

link
DrJokepu 4574 days ago
If you need syslogd, isn’t it as simple as yum install syslogd and then you’re sorted?
link
Sanddancer 4574 days ago
I can, however, again, it's a pretty poor direction that only serves to fragment systems. Many of the complaints that drove the creation of journald could have been better solved through a better default syslogd configuration. Additionally, the journald solution for needs such as remote logging or logging to multiple locations means that you now need to pipe through a process that has a near sole job of piping to another process. It just gives a very bad feeling of hackishness to me.
link
CraigJPerry 4574 days ago
I don't think the fragmentation claim stands up to scrutiny.

It's so far been adopted by redhat, suse, arch, coreos and with some consideration by debian. The only big name not thinking about it is Ubuntu.

I don't think that many of the journald drivers could have been solved by better syslogd configuration, for example journald cryptographically signs each log entry. Even if you get root on my box, you can't edit an entry without me knowing. That's not possible in any meaningful way with syslog.

I don't share the view of a hack, the speed improvements of introducing journald have been tremendous and usability is mostly better.

For example, the number 1 thing done with syslog output is probably either grep it, so journald improves on this:

    journalctl _COMM=sshd --since yesterday --until "08:30"
    OR
    journalctl /usr/sbin/sshd --since yesterday --until "08:30"
Or tail it

    journalctl -F
The places i don't like the user interface are around starting and stopping services. However the old interfaces work fine for now.
link
Sanddancer 4574 days ago
Think bigger than Linux. Think those with freebsd boxes, netbsd boxes, solaris boxes, etc. They're all very much relevant, but left out in the cold by deliberate decisions of the systemd folks to eschew compatibility. Functionality-wise, journald has no way of acting on the messages it receives. With syslogd, it's fairly trivial to write a script that will send a nagios alert every time a service is restarted, for example. How does one do that with journald?
link
bkor 4574 days ago
The init system differed a lot across distributions. Systemd made it more the same within distributions. Solaris uses something systemd like. *BSD use their own thing.

I don't get what you're complaining about, the fragmentation has been reduced :P

link
dignan 4574 days ago
systemd itself provides the functionality to run commands at points during the lifecycle of a service[1]. As for the people in mixed environments, you can forward journald to syslog [2].

[1] http://www.freedesktop.org/software/systemd/man/systemd.serv... [2] http://www.freedesktop.org/software/systemd/man/journald.con...

link
Sanddancer 4574 days ago
That's a tiny sliver of what you can do with syslog piping. For example, fail2ban works by piping the contents of the auth stream of syslog -- usually also put into auth.log -- into a script that monitors for bruteforce attempts. This kind of reactivity is a lot harder on journald configurations.
link
voltagex_ 4574 days ago
Sensible command line UIs? You've made a believer out of me.

How does this affect something like a remote syslog? Could I send the syslog output of my router to journalctl?

link
astrodust 4574 days ago
RedHat Fedora makes no apologies for dropping legacy support. Heck, they threw out ifconfig in Fedora 19.

It's good to be dropping things like syslogd from the default distribution, and the only reason it was ditched was because syslogd is behind the times.

Yes, syslogd does more. If you want those features, install it. Forcing it on everyone, regardless, serves no purpose.

link
darkarmani 4574 days ago
> RedHat Fedora makes no apologies for dropping legacy support. Heck, they threw out ifconfig in Fedora 19.

WTF? Is that because Linux was becoming too easy to use? They have to keep changing it up, so the certification classes have new material to teach. Why wouldn't they keep the command around and wrap whatever re-invented mousetrap replaces it so millions of people can keep typing ifconfig?

link
astrodust 4574 days ago
It's because change.

Change is how you abandon things that are holding you back. It's how you get rid of the various albatrosses, of which there are many, and clean up the environment for new users.

ifconfig is absolutely not easy to use.

link
mcpherrinm 4574 days ago
ifconfig was deprecated on linux long ago. While it is compatible with other unixes, it doesn't really map onto the capabilities of the modern linux stack well.

`ip` really is a better tool, and you're doing yourself a disservice if you're not using it, especially if you have anything more than the basic single IP/default gateway network.

link
darkarmani 4573 days ago
> ifconfig was deprecated on linux long ago. While it is compatible with other unixes, it doesn't really map onto the capabilities of the modern linux stack well.

Long ago? Centos 6.4 still has it. My Mac (BSD) has it. I never suggested that it is stupid to add software (ip) that is better, but why would they deliberately remove it when it is such an expected command and works across other unixes? I have trouble believing that it consumes much disk space.

link
alexlarsson 4574 days ago
Its only removed from the default install. A lot of fedora users (e.g. desktops) don't really need most of what syslog can do, and those that do can easily install it.
link
airencracken 4574 days ago
It's an obvious power play by RedHat to force people to use SystemD which is nearly liblinux at this point. As the project subsumes other projects and adds more and more functions that directly rely on SystemD you'll be harder and harder pressed to run a system without it.

One needs to look no further than what their plans for cgroups are to see the future. Not to mention the plans to get rid of /bin/login and VTs.

link
bkor 4574 days ago
It's systemd. The way the project is spelled has been explained multiple times. Your criticism is bit weak if you insist on spelling things incorrectly seemingly on purpose. Gives the impression you might also not be completely showing things in an objective light. But oh well.

Anyway, your entire complaint is explained at every systemd presentation. The maintainers want to have something which can be used as the basic building block for Linux. Various other projects now rely on that.

So systemd is successful, but surely it is a conspiracy! hahaha

link
rbanffy 4574 days ago
Fedora is the distro Red Hat uses to test stuff like this. I imagine the full functionality will be available and well understood before a RHEL release incorporates it.
link
mateuszf 4574 days ago
AFAIK it's quite easy to hook up rsyslog to it and then it doesn't make a difference.
link
brokenparser 4574 days ago
That seems a bit inefficient to me, you'd end up with both binary and textual log files.
link
andrewaylett 4574 days ago
If you're doing this, you probably want to disable saving the binary logs -- journald will still retain recent logs from the current boot, so the status commands will still work.

Personally, I uninstalled syslog and enabled binary log retention back when I was running F18, and I'm wishing my Ubuntu and Debian boxes had the same ability.

link
anonymouscowar1 4574 days ago
Presumably if you want syslogd's features, it's for something other than the text log files (logging to SQL, network logging, ...).
link
pekk 4574 days ago
It isn't what you want, but that certainly doesn't make it proprietary!
link