
SoylentNews is people

posted by martyb on Sunday April 19 2015, @06:02PM
from the with-all-this-logging-we-need-a-lumberjack dept.

World-renowned Unix master Chris Siebenmann has written an article entitled 'I wish systemd would get over its thing about syslog'. It addresses the strained relationship between the systemd init system and the traditional syslog approach to logging used on many Linux systems.

Chris writes:

Anyone who works with systemd soon comes to realize that systemd just doesn't like syslog very much. In fact systemd is so unhappy with syslog that it invented its own logging mechanism (in the form of journald). This is not news. What people who don't have to look deeply into the situation often don't realize is that systemd's dislike is sufficiently deep that systemd just doesn't interact very well with syslog.

This is a must-read article for anyone who needs to use systemd and syslog together.

 
  • (Score: 5, Insightful) by frojack on Sunday April 19 2015, @07:23PM

    by frojack (1554) on Sunday April 19 2015, @07:23PM (#172905) Journal

    Journald is more of a database rather than just a growing text file. Its Structure [freedesktop.org] is less susceptible to log tampering than is syslog. Message numbers and metadata are encoded into the journal, and there's no way you can fake them like some malware in the past was known to do.

    You can have both. You can use journalctl to have journald echo all or some of the messages out to oldschool log(s).

    Once you get used to some of the command structure, searching and finding things in the journal is actually easier (and faster) than syslog.

    Journald is simply an implementation of structured logging [gregoryszorc.com], and structured logging was being developed long before systemd came around. Many people who were working on Structured Logging got all butt-hurt over it because Lennart Poettering and Kay Sievers did not work with them. Structured Logging people had been dicking around so slowly that their stuff was never really implemented anywhere and then two arrogant asses came in and cut them off at the knees. Of course they are pissed.

    But as an end user, journald is different, imposes a slight learning curve, but otherwise I find it quite usable.
    Yes, I have run into the barfed up "old messages" upon a reboot. It took me all of 15 seconds to read the time stamp and figure out it was old detritus. Yes, I've seen messages be available to users that should not be. (Fixed by my distro in short order).

    But really, the linked article reads like a hissy fit rather than a significant new complaint. He found exactly two things to complain about.

    For the record, I've never had systemd or journald cause me any grief yet.

    I still don't like them because of the relearning they imposed without offering ANY improvement to the average user. It's not faster, it's not smaller, it doesn't scale meaningfully, it doesn't offer anything that Joe User needed. It wasn't even meant for Joe User. And besides that the two principals need a bitchslap on a daily basis.

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 5, Interesting) by darkfeline on Sunday April 19 2015, @08:05PM

    by darkfeline (1030) on Sunday April 19 2015, @08:05PM (#172914) Homepage

    You forgot one important fact.

    Just install rsyslog and you can have your plain text logs and eat your systemd cake too. My computer running systemd has both metadata-tagged journald logs AND plain text logs. People who bemoan journald are just looking for a reason to hate systemd when there are other VALID reasons for doing so.

    --
    Join the SDF Public Access UNIX System today!
    • (Score: 2, Informative) by frojack on Sunday April 19 2015, @08:38PM

      by frojack (1554) on Sunday April 19 2015, @08:38PM (#172925) Journal

      Believe I covered that in my second paragraph.

      --
      No, you are mistaken. I've always had this sig.
    • (Score: 2) by zocalo on Sunday April 19 2015, @08:43PM

      by zocalo (302) on Sunday April 19 2015, @08:43PM (#172926)
      Or, if you prefer, you can install your syslog daemon of choice, configure systemd to copy all its messages to that and then simply turn off systemd's journal so you don't get the binary files at all. There's probably a little extra overhead as messages get passed between the Kernel, systemd and syslog, but unless you are generating an insane level of messages at log level debug I doubt it would be noticeable. To do this, in /etc/systemd/journald.conf set:

      Storage=none
      ForwardToSyslog=yes


      Then create a file named /etc/rsyslog.d/sd-socket.conf that contains:

      $AddUnixListenSocket /run/systemd/journal/syslog
      --
      UNIX? They're not even circumcised! Savages!
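Added example (not part of the comment above, and not systemd or rsyslog code): a shell check that both halves of that setup are in place, because with Storage=none and no rsyslog listener on the socket, messages are kept by neither journald nor rsyslog. The function names and verdict strings are made up for illustration, only the legacy `$AddUnixListenSocket` directive from the comment is checked, and an unset ForwardToSyslog is assumed to mean "no".

```shell
#!/bin/sh
# Added example (not from the thread): check that the journald -> rsyslog
# hand-off from the comment above is complete, so messages are not dropped.

SOCK=/run/systemd/journal/syslog   # socket path quoted in the comment

# Print the last uncommented value of key $2 in journald.conf-style file $1.
journald_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        tail -n 1 | tr -d '[:space:]'
}

# Succeed if a *.conf file in directory $1 has the legacy listener on $SOCK.
rsyslog_listens() {
    grep -Eqs '^[[:space:]]*\$AddUnixListenSocket[[:space:]]+'"$SOCK"'[[:space:]]*$' "$1"/*.conf
}

# Print one verdict for journald.conf $1 and rsyslog.d directory $2:
#   OK           forwarding is on and rsyslog listens on the socket
#   JOURNAL-ONLY hand-off is broken, but journald still stores messages
#   LOST         hand-off is broken and Storage=none: nothing is kept
audit_forwarding() {
    storage=$(journald_get "$1" Storage)
    case $(journald_get "$1" ForwardToSyslog) in
        1|yes|true|on) fwd=yes ;;
        *) fwd=no ;;      # assumption: an unset key is treated as "no"
    esac
    if [ "$fwd" = yes ] && rsyslog_listens "$2"; then echo OK
    elif [ "$storage" = none ]; then echo LOST
    else echo JOURNAL-ONLY
    fi
}

# Constructed sample files: journald.conf as in the comment, with and
# without the matching rsyslog listener.
demo() {
    d=$(mktemp -d) && mkdir "$d/good" "$d/empty"
    printf '[Journal]\n#Storage=auto\nStorage=none\nForwardToSyslog=yes\n' > "$d/journald.conf"
    printf '$AddUnixListenSocket %s\n' "$SOCK" > "$d/good/sd-socket.conf"
    echo "with listener:    $(audit_forwarding "$d/journald.conf" "$d/good")"
    echo "without listener: $(audit_forwarding "$d/journald.conf" "$d/empty")"
    rm -rf "$d"
}
demo
```

On a real host the arguments would be /etc/systemd/journald.conf and /etc/rsyslog.d, the two paths named in the comment.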
      • (Score: 5, Insightful) by Anonymous Coward on Sunday April 19 2015, @09:19PM

        by Anonymous Coward on Sunday April 19 2015, @09:19PM (#172937)

        Great! So now, after only a few months, I know how to do a quick-n-dirty little hack that gets me back to only slightly less functionality than before systemd landed.

  • (Score: 2) by aristarchus on Sunday April 19 2015, @08:16PM

    by aristarchus (2645) on Sunday April 19 2015, @08:16PM (#172917) Journal

    For a second there I thought "Oh No!! They've gotten to frojack!" But then I read on and was so relieved.

  • (Score: 5, Insightful) by Whoever on Sunday April 19 2015, @08:45PM

    by Whoever (4524) on Sunday April 19 2015, @08:45PM (#172929) Journal

    Its Structure [freedesktop.org] is less susceptible to log tampering than is syslog.

    If you are worried about log tampering, you should not be relying on local logs at all. Instead, a hardened, dedicated server should collect logs for you.

    • (Score: 0) by Anonymous Coward on Sunday April 19 2015, @09:23PM

      by Anonymous Coward on Sunday April 19 2015, @09:23PM (#172938)

      Log tampering? Why? When you have systemd to own. No need to tamper with the logs.

    • (Score: 2) by tempest on Monday April 20 2015, @02:31PM

      by tempest (3050) on Monday April 20 2015, @02:31PM (#173135)

      Or if you want to be super hardcore, send it to a line printer. I always liked that as an option.

  • (Score: 4, Insightful) by FatPhil on Sunday April 19 2015, @10:17PM

    by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Sunday April 19 2015, @10:17PM (#172948) Homepage
    > and there's no way you can fake them like some malware in the past was known to do

    If you have software on your system that's trying to do that, it's probably no longer your system anyway.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
  • (Score: 4, Informative) by Thexalon on Monday April 20 2015, @01:23AM

    by Thexalon (636) on Monday April 20 2015, @01:23AM (#172987)

    For the record, I've never had systemd or journald cause me any grief yet.

    I have:
    - I have daemons that start up in the wrong order, which means that ordinary users cannot shut down the system. There is not a clear fix, since there's absolutely no debugging information provided.
    - Both startup and shutdown taking significantly longer. Since this was supposed to be the primary benefit of systemd, that's a pretty significant knock.

    Meanwhile, my openrc-based Gentoo system is humming along without difficulty.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 2) by frojack on Monday April 20 2015, @01:39AM

      by frojack (1554) on Monday April 20 2015, @01:39AM (#172990) Journal

      You do know that you can control the order of the process start up, right?

      It probably would take 15 minutes of RTFM to take care of that.

      Like I said, there is a learning curve. And there is little advantage of systemd to joe user. But the problems are solvable, even if annoying.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 1, Touché) by Anonymous Coward on Monday April 20 2015, @11:35PM

        by Anonymous Coward on Monday April 20 2015, @11:35PM (#173324)

        The point seems to be that while he could change the order, he does not know exactly what to change because journald fails to log the errors.

  • (Score: 5, Touché) by Anonymous Coward on Monday April 20 2015, @02:55AM

    by Anonymous Coward on Monday April 20 2015, @02:55AM (#173001)
    So it fixes problems that were not bothering me, and screws up functionality I rely on.

    Still doesn't sound like a good idea.
  • (Score: 2) by danomac on Monday April 20 2015, @05:10PM

    by danomac (979) on Monday April 20 2015, @05:10PM (#173193)

    For the record, I've never had systemd or journald cause me any grief yet.

    I have, but I only discovered it recently as I rarely reboot my computer.

    I use an Intel fakeraid (via mdadm) due to my dual-boot with Windows. For some reason, `systemctl reboot` and `systemctl shutdown` hang, and on restart cause the IMSM raid to break and rebuild, and there's no indication as to why. During my testing, `systemctl poweroff` works normally.

    I haven't had time to even figure out how to compare the three targets to see if there's any difference between them, never mind coming up with some sort of solution.

    • (Score: 2) by frojack on Monday April 20 2015, @10:05PM

      by frojack (1554) on Monday April 20 2015, @10:05PM (#173301) Journal

      It seems that all three of those commands go to the same place [freedesktop.org] and systemd replaces itself with /usr/lib/systemd/systemd-shutdown with an argument. I suspect the problem is with that shutdown tool.

      Come to think of it, I've had BTRFS barf up its lunch twice, and moved away from it.
      I don't know what caused this, it was running on a systemd machine, so I guess I can't totally rule it out I suppose.

      But it wasn't obviously systemd as far as I can tell.
      Twice in 6 months was too much for me.

      I tend to suspend my machine rather than shutting down, and this all seems to work, but even shutting down has not caused any problems since I moved away from BTRFS. I might revisit BTRFS in a couple releases.

      I've yet to see any advantage to systemd.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by danomac on Monday April 20 2015, @10:40PM

        by danomac (979) on Monday April 20 2015, @10:40PM (#173309)
        Well, I think I'll change kdm's reboot & shutdown commands to `systemctl poweroff` for now.

        I also noticed that shutdowns take a lot longer - about 3 minutes compared to openrc's 20 seconds. systemd seems to get hung up shutting down apcupsd (even though apcupsd indicates it shut down successfully in journalctl, systemd doesn't seem to notice).

        When I was using openrc the IMSM raid array would corrupt at every reboot.

        My laptop has no issues with systemd. Just my main desktop.