Re: F20 System Wide Change: No Default Syslog

Once upon a time, "Jóhann B. Guðmundsson" <johannbg@xxxxxxxxx> said:
> Currently we are shipping around 550 - 600 components that ship
> services/daemons most but probably not all can use syslog but may
> not be configured to do so which may or may not be affected by the act
> of changing to binary logger I guess depending on which IETF syslog
> standards that binary logger supports?

Lots of programs don't use syslog because it isn't sufficient for their
needs.  For some, there is not liable to be any common logging setup
that will work for them.

However, as I've said repeatedly, your "yum whatprovides" check is flat
wrong, and so is your repeated 550-600 components claim.  If you look at
the number of packages that provide something in /var/log (rather than
your bogus "number of entries under /var/log" check), it comes to a much
smaller number.

I come up with 216 packages (in F18) that put files under /var/log.
However, even that number is inflated; some of those are not an issue.
A few examples:

- setup: has /var/log/lastlog
- util-linux: also has /var/log/lastlog
- initscripts: has /var/log/{w,b}tmp
- pam: has /var/log/tallylog
- ntp: puts stats in /var/log/ntpstats
- sendmail: puts stats in /var/log/mail

That's just a few I recognize and/or am familiar with.  I'm sure there
are others that provide something under /var/log that have absolutely no
issue related to logging (/var/log is sometimes used as a catch-all for
"things that change a lot").

Please stop with the 600 package "scare" number.

> And as we all know log files are used for audits, for evidence in
> legal actions, for incident response, to reduce liability, and for
> various legal and regulatory compliance reasons so we need to
> look into log alerting and parsing tools like but not limited
> to...

That is a completely different requirement; if you want to look at
auditable logging, that is way outside the scope of rsyslog vs.
journald (since neither is any different with respect to security).
Bringing that into a discussion of whether to remove syslog is far more
off-topic than bikeshedding about the journalctl output, options, etc.

-- 
Chris Adams <linux@xxxxxxxxxxx>
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel




