[ale] [Fwd: Advertising on ale.org] - OT MS vs Apple vs Linux/UNIX

Alex Carver agcarver+ale at acarver.net
Fri Sep 11 12:39:28 EDT 2015 

On 2015-09-11 09:29, Jim Kinney wrote:
> On Sep 11, 2015 12:09 PM, "Alex Carver" <agcarver+ale at acarver.net> wrote:
>>
>> On 2015-09-11 09:03, Derek Atkins wrote:
>>> Alex Carver <agcarver+ale at acarver.net> writes:
>>>
>>>> It seems I'm getting one for the price of two.  To have what I need now
>>>> I just run one syslogd.  To hvae the same thing under systemd I must
> run
>>>> journald and then run a syslogd on top of it because journald is not
>>>> capable of filtering inbound.
>>>
>>> In my case I just installed rsyslog manually.  Apparently logwatch was
>>> not updated to look at journald!!  OOPS!
>>
>> Yeah, big oops.  My remote systems run rsyslogd with basic filtering to
>> send busy logs to a remote machine and the less busy logs go to local
>> storage.  The remote system uses syslog-ng to filter into multiple log
>> files based on source machine, daemon and keywords.  But if I had
>> systemd running then it would insist on having journald running, too,
>> yet I'd still need rsyslogd and syslog-ng to do all the filtering.  So
>> I'm just running an extra daemon for nothing.
> 
> At that point, you would have done the research on the new process and have
> known that you would need to use remote journald for networked logging or
> install the latest, patched upstream logwatch.
> 
> Really people. Crap changes with every release. Apache 2.2 to 2.4 was a
> total clusterfsck. Learning SELinux was a total clusterfsck so much so that
> Debian spawned app-armour to lighten the impact.  If your stuff depends on
> old code, better get use to being the full support for it as devs like
> working on new hotness. Really. Who wants to patch NFS when there's gluster
> and lustre and orangefs and others to code on.


No, you missed what I wrote.  I don't do full remote logging, I do
partial remote logging (I also don't use logwatch but that's Derek's
need).  Under rsyslogd or syslog-ng I can choose what portions of the
logs are kept local or sent away to a remote logger.  Under journald I
*CAN'T* do that.  I read the docs for journald, it's just not there.  I
have only three choices with journald:

1.  Keep nothing locally (Storage=none) and run a second daemon
(rsyslogd, syslog-ng) alongside journald to process everything as I do

2.  Let journald keep everything locally and duplicate everything to a
remote server.

3.  Let journald forward everything to a remote server.  If the remote
server runs journald, too, then I must use option 1 above and run a
second daemon alongside journald to provide the service I need.

Journald is *LESS* capable than rsyslogd or syslog-ng but I am *FORCED*
to have it turned on if I have systemd even if it does absolutely
*NOTHING* for me because I have to run parallel daemons.  That is the
complaint.

I do not want to log everything to local storage but I do not want to
log everything to remote servers either.  Existing syslog daemons do
that without blinking.  Now if I could replace journald entirely with
another daemon like I could replace rsyslogd with syslog-ng (or vice
versa) then this wouldn't be a problem.  But I can't, it's fully
integrated into systemd (fortunately I don't have to run systemd on any
machine right now).

More information about the Ale mailing list