Red Hat's Linux Changes Raise New Questions

← Back to Stories (view on slashdot.org)

Red Hat's Linux Changes Raise New Questions

Posted by timothy on Thursday December 1, 2011 @07:02AM from the source-is-open-start-your-own-distro dept.

itwbennett writes "Last month two Red Hat developers proposed to replace the 30-year-old syslog system with a new Journal daemon. Initial reaction was mostly negative and 'focused on the Journal's use of a binary key-value form of data to log system events,' says blogger Brian Proffit. But now, says Proffitt, it seems that the proposal to replace syslog has less to do with the fixing syslog's problems than with Red Hat's desire to go its own way with Linux infrastructure."

105 of 433 comments (clear)

Min score:

Reason:

Sort:

One of the advantages of Linux by Todd+Knarr · 2011-12-01 07:08 · Score: 5, Insightful

That's one of the advantages of Linux: RedHat can go their own way without needing the rest of us to buy in, and without really messing things up for us. If they provide a reasonable API, it'll either be compatible with syslog with a simple library substitution or we'll quickly see a wrapper library that allows programs to use either syslog or Journal without needing code changes.
I think going to binary's a bad idea, myself. The fewer tools you need working to find out what the error is, the easier it is to debug and fix the problem. But let RedHat try this and see how it works, and then we can decide once we've got some real-world data to compare.
1. Re:One of the advantages of Linux by LordLimecat · 2011-12-01 07:12 · Score: 5, Interesting
  
  There are advantages to not having everything in ascii text, or else we would never see relational databases used for anything. You are right that we will see. I like plain text logs because I am still learning the ins and outs of the major Linux breeds, and not having to learn a special tool for every config file and log makes things easier; but I wont say that there couldnt be benefits to a more robust system.
2. Re:One of the advantages of Linux by errandum · 2011-12-01 07:14 · Score: 2
  
  Because if they go their own way the next time you're trying to compile something a bit more complex it won't screw everything. I like red hat based distros because they tend to stay more or less the same over the years, leading to easily configurable systems. The moment they deviate it'll be their death.
3. Re:One of the advantages of Linux by skids · 2011-12-01 07:17 · Score: 4, Insightful
  
  That's one of the advantages of Linux: RedHat can go their own way without needing the rest of us to buy in, and without really messing things up for us.
  Not quite true. If PHB insists on RHEL, you're stuck coping with whatever poor choices they make.
  Why do I get the sense that all the chafing at the "restrictions" of the LSB/linux-instinct/unix-way/common-sense is just the bellyaching that happens when you realize you're short the talent/energy/whatever to progress and start looking for ways to re-arrange the deck chairs?
  
  --
  Someone had to do it.
4. Re:One of the advantages of Linux by esocid · 2011-12-01 07:21 · Score: 2
  
  Maybe entrenchment has some bearing on it. The article mentions the arguments for switching from syslog, and that you can do some of them already in syslog, but nobody does.
  
  However, I agree with you. Let RH try it out. It's not like they can't revert if they find that it was a bad choice. If we wanted all distros to be the same, we'd run windows instead.
  
  --
  Absolute power corrupts absolutely. indymedia
5. Re:One of the advantages of Linux by GameboyRMH · 2011-12-01 07:23 · Score: 2
  
  If PHB insists on RHEL, you're stuck coping with whatever poor choices they make.
  And that's RHEL's bread and butter, corporate support & name recognition, always a requirement at businesses with a NEGFFBIBM attitude. Anyone who doesn't need it will just go with CentOS or some other distro. Those who do need it...well I guess when the troubles become to great they'll have to make a hard decision.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
6. Re:One of the advantages of Linux by MightyMartian · 2011-12-01 07:23 · Score: 5, Insightful
  
  No matter your experience, plain-text logs make more sense, especially in *nix operating systems. You have a vast array of tools to search log files with; my favorites being tail and grep. The minute you go to binary logging your options shrink or you end up having to use additional tools to reconvert it to text (ie. the Windows event log).
  
  --
  The world's burning. Moped Jesus spotted on I50. Details at 11.
7. Re:One of the advantages of Linux by CAIMLAS · 2011-12-01 07:26 · Score: 4, Insightful
  
  Looks like they're pulling the same shit Ubuntu pulled with upstart (init replacement). "Let's replace something simple and elegant with something complex, incomplete, and very difficult to fix when it goes wrong".
  Sorry, but no thanks. I can see the need for something else, in a limited/special purpose role, but these assholes are aggregately destroying the very basis of what makes Linux a good, robust server choice:
  * you can use traditional unix tools from ssh to manipulate and analyze the system
  * there are literally thousands of tools for analyzing, manipulating, and storing syslog data
  * init is purely linear, whereas upstart is threaded, increasing the possible ways in which it can fail as well as increasing the difficulty of troubleshooting
  * KISS means broken things are more obvious.
  * KISS means there's less that can go wrong.
  * Most Windows guys don't even read the logs, from what I've seen. This could quite possibly be related to the complexity and lack of utility of Event Viewer itself, granted, but even Event Logs can be exported to syslog...
  While we're at it, why don't we start using XML or sqlite as a replacement for /etc.
  
  --
  ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
8. Re:One of the advantages of Linux by Anonymous Coward · 2011-12-01 07:28 · Score: 3, Interesting
  
  WTF does NEGFFBIBM mean? Google fails me on this one :(
9. Re:One of the advantages of Linux by LordLimecat · 2011-12-01 07:34 · Score: 3, Insightful
  
  As has been pointed out, there is no reason you couldnt use a new tool to get the output you want out of the database.
  You cannot, for example, convince me that noone is able to script MySQL databases, despite their binary nature.
10. Re:One of the advantages of Linux by Anonymous Coward · 2011-12-01 07:34 · Score: 3, Insightful
  That's one of the advantages of Linux: RedHat can go their own way without needing the rest of us to buy in, and without really messing things up for us. If they provide a reasonable API, it'll either be compatible with syslog with a simple library substitution or we'll quickly see a wrapper library that allows programs to use either syslog or Journal without needing code changes.
  I disagree. In fact, I'd call this a real disadvantage of the FOSS world (bazaar-style development in particular): change comes so slowly because no one else will commit to it. I think it's hard to really take advantage of changes if others just slap an abstraction layer on top of them and otherwise ignore them. I haven't studied this specific example in detail, but off the top of my head:
  
  software written by people with that attitude won't take advantage of the key/value pair format because syslog doesn't have that
  likewise nothing will switch from a proprietary format to the new common infrastructure
  log analysis software probably won't do anything too interesting with the output files because god forbid someone be left behind
  and so this won't be as useful as it would be otherwise.
  To take another example I have paid a little more attention to, init was around for far too long, and yet I'm amazed init->upstart happened at all. Even when something is clearly superior, if it takes buy-in from people who want their software to work on the greatest possible range of systems, it's hard to make that happen. init->upstart probably worked because the startup is a relatively unobtrusive piece of the software, relatively easily replaced by distributors.
  In contrast, proprietary or cathedral-style development of a whole system does much better at this. They have the sort of unity of purpose where they can agree that something is valuable and exploit it through the whole system. I've seen this at work. Maybe the best example is something that hasn't happened in the Linux world, though: a widely used high-level language. The GNOME people in particular won't commit to anything but plain C, with their painful object model on top of it.
11. Re:One of the advantages of Linux by LordLimecat · 2011-12-01 07:35 · Score: 5, Insightful
  
  Not quite true. If PHB insists on RHEL, you're stuck coping with whatever poor choices they make.
  Package management: use it. I would be very surprised if RedHat prevented you from installing whatever logging facility you wanted on your server.
12. Re:One of the advantages of Linux by Anonymous Coward · 2011-12-01 07:36 · Score: 5, Informative
  
  Nobody Ever Got Fired For Buying IBM
  - GameboyRMH (bloody post limiter!)
13. Re:One of the advantages of Linux by Compaqt · 2011-12-01 07:36 · Score: 4, Informative
  
  I agree in general with "if it's not broken, don't fix it". Witness /. opinion regarding Unity/Gnome changes.
  About Upstart, my lowly sysadmin opinion is this: It seems different from the other stuff Ubuntu's been doing in that, AFAIK, it's not alone in this. I think Fedora's going that way too.
  Also, with Upstart I know if the webserver crashes for some reason, it'll restart without intervention. Yeah, I know, you're not getting to the root of the problem, but it beats being stuck to a top display looking if something burned.
  
  --
  I'm not a lawyer, but I play one on the Internet. Blog
14. Re:One of the advantages of Linux by Iphtashu+Fitz · 2011-12-01 07:36 · Score: 4, Insightful
  
  RedHat can go their own way without needing the rest of us to buy in
  The only problem with your argument is that Red Hat has a huge base of paying customers, and money talks.
  I manage a small research cluster at a university. It's running Red Hat linux on over 100 nodes. The university has a site license for Red Hat so licensing for the cluster isn't an issue. The decision to go with Red Hat had to do mainly with what distros are directly supported by commercial products like Matlab, Mathematica, Abaqus, Maple, Comsol, Ansys, etc. All these vendors sell lots of software & services to universities, research labs, etc. and they all support Red Hat linux.
  I've personally dealt with support departments when trying to run commercial software on non-RH distros, and in some cases they pretty much tell you you're on your own if you're not using RH or one of the other top two or three distros. Most commercial vendors will only state that they support RedHat, SUSE, and maybe Ubuntu and/or Debian.
  If/when Red Hat comes out with a new way of doing things then customers like us will start pushing on the vendors to support those new ways. After all, we're tied into using Red Hat, and we need their products to run on it. So the commercial software vendors will start supporting the Red Hat way of doing things to appease their customers. And once the commercial vendors start supporting it then it will slowly but surely make its way into other distributions as well so that these apps can run on distros that other people want to use.
15. Re:One of the advantages of Linux by mlts · 2011-12-01 07:38 · Score: 2
  
  I'd disagree. RedHat is only one of two Linux distros that is FIPS and Common Criteria certified. Of course, to people who work with Linux, this doesn't mean much. However when it comes audit time, the auditors either want to see certifications of the OS, or one better has to have a damn good reason (and not a technical one -- one that will appeal to a bean counter who is looking for any excuse to shut your operation down) why the OS isn't certified. Usually one has to explain in great detail why the OS in use is not Windows.
  With this being the case, what RH does affects a lot of production items. Take RHEL 6 -- it now uses a new network startup daemon instead of the old network binary. One can switch to the old one, but that one is depricated. Same with commands like ifconfig -- in RHEL6, one uses "ip addr" instead.
16. Re:One of the advantages of Linux by LordLimecat · 2011-12-01 07:38 · Score: 5, Interesting
  
  Looks like they're pulling the same shit Ubuntu pulled with upstart (init replacement). "Let's replace something simple and elegant with something complex, incomplete, and very difficult to fix when it goes wrong".
  One could make that argument about solid-state electronics, the move away from punch-cards, the move from paper-based filing, the move to journaled filesystems, etc.
  Sometimes progress means letting go of the past, and sometimes it takes a while to fully bake; thats why RedHat doing the QA, testing, and development for the rest of us is a good thing. If it sucks, it will die, and noone really has to acknowledge that it ever existed.
17. Re:One of the advantages of Linux by rsilvergun · 2011-12-01 07:44 · Score: 4, Insightful
  
  Yeah, but you add a bunch of overhead to get back to text.
  
  --
  Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
18. Re:One of the advantages of Linux by epiphani · 2011-12-01 07:45 · Score: 5, Informative
  
  Agreed. I submitted this post yesterday, by the lead developer for rsyslogd (the most common syslog daemon in linux these days). He makes the point that most of the complaints made are actually wrong if they'd bothered to look at the last 10 years of development and IETF work around syslog.
  
  --
  .
19. Re:One of the advantages of Linux by lucm · 2011-12-01 07:46 · Score: 2, Insightful
  
  No matter your experience, plain-text logs make more sense, especially in *nix operating systems. You have a vast array of tools to search log files with; my favorites being tail and grep. The minute you go to binary logging your options shrink or you end up having to use additional tools to reconvert it to text (ie. the Windows event log).
  The more a system becomes complex, the more one needs to see events as part of a whole and do some kind of analysis and correlation. This type of work is done more easily with databases. I like grep like everyone, but if I want to have a nice rollup of events based on time and source, I will get the info much more easily with a SQL query than with a regex piped into a reporting utility piped into a paging utility.
  Also I think one has to adapt to a technology, not try to make it work like what was there before (unless he is a one-trick pony). Why would you want to "reconvert" the Windows event log to text? On Windows there is a lot of built-in capabilities for log exploring in Powershell or even in VBS/WMI. A toolbox contains many tools, not just grep.
  
  --
  lucm, indeed.
20. Re:One of the advantages of Linux by Crudely_Indecent · 2011-12-01 07:50 · Score: 4, Informative
  
  What I don't understand is why you can't achieve both log security and log usefulness with the existing tools.
  In a previous job (seems like a different life) - I set up all of the servers to utilize remote syslog. The syslog server then offered the log directory as a read-only NFS exports to each of the servers.
  It was quick, it was easy, and it was secure. You could view the local logs on individual servers, but you couldn't alter them in any way except by generating log output.
  
  --
  
  "Lame" - Galaxar
21. Re:One of the advantages of Linux by DiegoBravo · 2011-12-01 07:56 · Score: 5, Insightful
  
  Many times with a (semi)broken operating system, you don't have all the usual tools.... sometimes your only clue is a syslog driven console text message.
22. Re:One of the advantages of Linux by Hatta · 2011-12-01 08:12 · Score: 5, Insightful
  
  If it sucks, it will die.
  On what do you base this assumption? History is littered with sucky technologies that became standard because someone important was pushing it.
  
  --
  Give me Classic Slashdot or give me death!
23. Re:One of the advantages of Linux by pdxer · 2011-12-01 08:12 · Score: 2
  
  If it sucks, it will die, and noone really has to acknowledge that it ever existed.
  Yeah, that's what happened with Windows. It...oh wait...
  
  --
  Looking for a job in Portland, Oregon?
24. Re:One of the advantages of Linux by DrXym · 2011-12-01 08:15 · Score: 2
  
  No matter your experience, plain-text logs make more sense, especially in *nix operating systems. You have a vast array of tools to search log files with; my favorites being tail and grep. The minute you go to binary logging your options shrink or you end up having to use additional tools to reconvert it to text (ie. the Windows event log).
  Except you already see binary log files on Unix. Log files are frequently compressed with gzip. I don't see a big difference between someone typing (for example) "zcat file.gz | grep somestring" and "redhat-log-cat | grep somestring" assuming that was the name of the tool they used to crap out a logfile from the binary db.
  I'd also note that tools like git are happy to store things in binary objects yet still present stuff in textual format to the user.
25. Re:One of the advantages of Linux by someSnarkyBastard · 2011-12-01 08:31 · Score: 2
  
  You do realize that this is going into Fedora, not Red Hat proper, right? Fedora is rather infamous for introducing bleeding-edge new stuff and breaking things between updates, Red Hat Enterprise Linux is much more focused on stability and compatibility. Syslog will remain the default on RHEL for a long time yet.
26. Re:One of the advantages of Linux by Tomato42 · 2011-12-01 08:46 · Score: 5, Interesting
  
  Just yesterday I was debugging why my syspreped Win 7 images weren't installing properly. So I go to sysprep directory and start reading the text log. It didn't have any useful info. So I grabbed the binary log and tried to import it on the same machine in pre-exec environment. It couldn't do it. So I copied it to different computer and tried to open it there, the system claimed that the file was damaged. After 4 hours of struggle to read, copy or convert the bloody thing I went the "Microsoft recommended way" (seriously, that's the solution they suggest in MSKB) and bisected which program caused the install failure. In "only" 6 reinstalls I finally found the culprit.
  
  If it was a Linux distro, a simple cat or tail would have sufficed and it would have been a 15 minute job, not 2 days. If they want my text logs they will have to pry it from my cold dead hands.
27. Re:One of the advantages of Linux by vakuona · 2011-12-01 08:47 · Score: 2
  
  So maybe it doesn't suck as much as you think. And maybe *nix sucks more than you think. Just saying.
28. Re:One of the advantages of Linux by Anonymous Coward · 2011-12-01 08:52 · Score: 4, Interesting
  
  Yeah, but you add a bunch of overhead to get back to text.
  Yes, you get the overhead when you as a human try to read the log. In plain text you have the overhead whenever it is used by the system.
  There are plenty of arguments for using ascii, efficiency is not one of them.
29. Re:One of the advantages of Linux by jgrahn · 2011-12-01 08:55 · Score: 4, Informative
  
  Agreed. I submitted this post yesterday, by the lead developer for rsyslogd (the most common syslog daemon in linux these days). He makes the point that most of the complaints made are actually wrong if they'd bothered to look at the last 10 years of development and IETF work around syslog.
  But about this part of what he wrote:
  
  "Ages ago (2006?) I implemented high-precision timestamps (including TZ info) in rsyslog, and RFC5424 has brought them to the on-the-wire protocol. As far as I know, syslog-ng supports them for quite a while as well (but I am not a syslog-ng expert ;)). However, all distributions turn high precision timestamps off and set the dumb old format as this is a requirement to keep old tools working."
  I enabled high-precision timestamps on my Debian system to get a feel for them. But I had to turn them off again: not readable enough, and took too much screen space making more log lines wrap. The tools weren't the problem; I just couldn't eyeball the damned things!
30. Re:One of the advantages of Linux by jmitchel!jmitchel.co · 2011-12-01 08:58 · Score: 2
  
  You can script mysql databases, assuming the data files are intact, mysql is intact and runs on the server, and you have functioning tools and the skill to use them. ASCII logfiles will be readable in spite of spot corruption and can be processed with grep / head / tail -- if these primitives don't work it probably doesn't matter what's in the log.
31. Re:One of the advantages of Linux by Spazmania · 2011-12-01 09:02 · Score: 2
  
  tail -f /var/log/messages
  In mysql? How?
  
  --
  Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
32. Re:One of the advantages of Linux by marcosdumay · 2011-12-01 09:03 · Score: 4, Informative
  
  Except that logs are rarely used by the system. And on the few times where performance matters, the system is just interested on the last few lines, in real time. So, you just use them before (or while) writting.
  
  --
  Rethinking email
33. Re:One of the advantages of Linux by ThePhilips · 2011-12-01 09:34 · Score: 4, Informative
  
  The more a system becomes complex, the more one needs to see events as part of a whole and do some kind of analysis and correlation. This type of work is done more easily with databases. I like grep like everyone, but if I want to have a nice rollup of events based on time and source, I will get the info much more easily with a SQL query than with a regex piped into a reporting utility piped into a paging utility.
  
  Typing 'grep <whatever>' is much much faster than: connecting to DB, typing query and realigning rows/columns on screen for readability.
  I have to dig quite often through audit-log-like tables in DB created by our software and let me tell you that SQL doesn't make any correlations easy. Especially if we are talking about some production system were you end up self-joining a table with few dozen million rows (what you need to display for example the trivial thing as the time to the next/prev interesting event).
  Neither the usual SQL tools are any good at displaying the data - as compared to displaying the SQL itself e.g. syntax highlighting. On text side of things, it takes minutes to create custom syntax for VIM for the problem at hand.
  
  Why would you want to "reconvert" the Windows event log to text?
  
  How many 3rd party applications actually use the Windows Event Log? I have seen probably one or two.
  You know why? Because using it is a PITA - I have tried that twice as SW devel already in times of NT4 and W2K. (I was hoping to simplify critical error reporting of the Windows applications (including one GUI-less) and thought myself "WEL is just like syslog!" Oh gosh, Windows API proved me wrong.)
  
  On Windows there is a lot of built-in capabilities for log exploring in Powershell or even in VBS/WMI. A toolbox contains many tools, not just grep.
  
  Oh, so you like all that stuff over something as fool-proof, robust and simple as the grep? OK.
  
  --
  All hope abandon ye who enter here.
34. Re:One of the advantages of Linux by vakuona · 2011-12-01 09:37 · Score: 2
  
  Windows does what it needs to do. I am not saying it is the best. I am saying it does some things well enough, and that is what matters. I am also implying that *nix and other OSes also suck in other ways. I am not denying that there are reasons, other than technical and non-suckage, that have left Windows dominant, such as abuse of monopoly and network effects (Microsoft would have become dominant anyway, so it is rather unfortunate for them that they saw the need to abuse their position because the judgment hamstrung them for more than a decade).
  But if Windows didn't do at least what people need it to do, and some of what people want it to do, it would have died.
35. Re:One of the advantages of Linux by hawguy · 2011-12-01 09:40 · Score: 3, Insightful
  
  No matter your experience, plain-text logs make more sense, especially in *nix operating systems. You have a vast array of tools to search log files with; my favorites being tail and grep. The minute you go to binary logging your options shrink or you end up having to use additional tools to reconvert it to text (ie. the Windows event log).
  Except you already see binary log files on Unix. Log files are frequently compressed with gzip. I don't see a big difference between someone typing (for example) "zcat file.gz | grep somestring" and "redhat-log-cat | grep somestring" assuming that was the name of the tool they used to crap out a logfile from the binary db.
  The difference is that one zcat tool can handle any gzipped file, it doesn't need to know a thing about the data in the file.
  But if when developers start using binary data, yourredhat-log-cat parser will need to understand how each developer writes their data.
  Some developers may just use ascii key-value pairs. Some may write out numbers as binary ints and floats. Some may serialize java objects and write those to the logs.
  With ASCII readable files you can usually (but not always) decipher the data and write a parser for it. Once you've got a stream of binary data, this becomes much harder.
  Which would you rather try to decode:
  Perfdata: 0 100 123123123 20.1
  or
  Perfdata=00000000000000640756b5b35468a000
  Of course, with proper discipline, this can be prevented from becoming an indecipherable mess, but the same could be said for the current syslog.
36. Re:One of the advantages of Linux by LordLimecat · 2011-12-01 09:54 · Score: 2
  
  Because the beauty of RPM and the linux CLI is that you are 2 commands away from having the sucky technology replaced with the syslog you love. Its really hard to have an entrenched, hard-to-get-rid-of software based on Linux that can be managed by a package manager.
37. Re:One of the advantages of Linux by MightyMartian · 2011-12-01 10:14 · Score: 5, Informative
  
  MySQL requires the daemon to be running, or at least access to some utility with the MySQL library. If a system has crashed or has reduced functionality due to system problems, a text log that can be scanned with the basic *nix stdio tools is a helluva lot more useful than a binary log.
  I hate the Windows eventlog and binary logs in general precisely because they become rapidly less accessible the more issues a system has, which is quite often why you need to delve into syslog anyways. What exactly is the point to reinventing the wheel?
  
  --
  The world's burning. Moped Jesus spotted on I50. Details at 11.
38. Re:One of the advantages of Linux by MightyMartian · 2011-12-01 10:16 · Score: 4, Insightful
  
  So now on top of a crippled system, you've got to move the logs over to a system so you can read them? This is exactly what you're faced with when a Windows system takes a dive, and it sucks.
  
  --
  The world's burning. Moped Jesus spotted on I50. Details at 11.
39. Re:One of the advantages of Linux by Billly+Gates · 2011-12-01 10:17 · Score: 2
  
  "As has been pointed out, there is no reason you couldnt use a new tool to get the output you want out of the database." ... and end up with the wonderful Windows Registry? 9 out of 10 times non virus related PC problems are ALWAYS related to the registry due to database/index corruption. It is autrocious and prefer Linux because it is text based.
  MySQL corrupts and is why real DBAs from other platforms scratch their heads, and insist on PostgreSQL if you want free. Text is just easier not to mention fsck can repair a corrupted file. Not a database or an index however.
  
  --
  http://saveie6.com/
40. Re:One of the advantages of Linux by cas2000 · 2011-12-01 10:46 · Score: 4, Informative
  
  yeah, me too. while it's probably better to have the high-precision timestamps, for me it's more useful to have them readable.
  I have the same problem with squid logs - they use unix time_t with milliseconds for the timestamp. more precise but less readable. I filter the lines through a small perl script to reformat the dates when i need to tail or process them:
  #! /usr/bin/perl -p
  use Date::Format ;
  s/^\d+\.\d+/time2str("%Y-%m-%d\/%H:%M:%S", $&)/e;
  this is similar to what is mentioned in http://wiki.squid-cache.org/Features/LogFormat but with the improvement (IMO) that the timestamp still only takes one column (compared to localtime() making it take 5 columns), so it doesn't mess up other processing scripts that depend on the detail being in specific columns)
  from this;
  1322779413.527
  to this:
  2011-12-02/09:43:33
  It would be annoying to have to do that for syslog logs too. I don't really need millisecond precision for my system logs anyway, near enough is good enough. All i need is accuracy and consistency across multiple systems - and ntp gives me that.
41. Re:One of the advantages of Linux by alcourt · 2011-12-01 10:47 · Score: 2
  
  Actually, if you are at that point, you need to centralize your logs or use a proper alerting system beyond traditional logging because you are at the point you need to correlate events across systems. "Alert if this event occurs on system A unless you see this other event on system B or C"
  Putting a database to manage logs on each system causes grief. We tried that once with wtmp. It hasn't worked out well, and we still don't have a clean replacement for wtmp that records logout times. So instead, I'm faced with custom tools to parse the wtmp file and eliminate events where the user has logged out, leaving events in the file where the user has logged in but has not logged out. (it's painful)
  
  --
  "I may disagree with what you say, but I will defend unto the death your right to say it." -- Voltaire
42. Re:One of the advantages of Linux by bill_mcgonigle · 2011-12-01 10:49 · Score: 4, Informative
  
  tail -f /var/log/messages
  In mysql? How?
  You missed a requirement: in a form that's still usable when the machine keeps going down hard in the middle of a boot. 'tail messages' still works, nothing to get corrupted or worry about a write-ahead log that can't get consistent.
  Not that I spent the day today troubleshooting one of those or anything...
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
43. Re:One of the advantages of Linux by alcourt · 2011-12-01 10:51 · Score: 3, Insightful
  
  For a moment, I thought you were one of the people on our log analysis team that I work with.
  There are places where a database is good. I recommend them heavily, but the original log output shouldn't be database. If you want a database of logs (appropriate in many cases), send a copy of the logs off host (which you have to do anyway for PCI and many other audits) and store that copy in a database. That makes it easier to comply with other requirements.
  Best of both worlds. Plain text local to box in case Things Go Wrong, and database for cross-system forensic analysis.
  
  --
  "I may disagree with what you say, but I will defend unto the death your right to say it." -- Voltaire
44. Re:One of the advantages of Linux by alcourt · 2011-12-01 10:59 · Score: 2
  
  RHEL 6 broke that. They stopped supporting syslog and went to rsyslog which is incompatible and is breaking things left and right. Yes, we entered a show-stopper bug on certification with RH.
  No, those of you who are rsyslog fans, it is not syslog. It is an abomination wearing a poorly fitting skin of syslog, but the rotting flesh is visible underneath, the miasma of decay of what was once a useful tool has left a shambling terror that cannot be abided.
  
  --
  "I may disagree with what you say, but I will defend unto the death your right to say it." -- Voltaire
45. Re:One of the advantages of Linux by nine-times · 2011-12-01 11:14 · Score: 2
  
  Also if it's broken enough that you can't actually boot, but you can still get access to the files on the disk, then plaintext will be readable by any other OS. If it's a weird binary format, then you have to worry about whether you have the correct viewer installed, if there's even one available.
46. Re:One of the advantages of Linux by Todd+Knarr · 2011-12-01 11:41 · Score: 3, Informative
  
  The problem here though is that the whole reason for the logs being plain text is that the time you most need to be able to read the logs is exactly when things are broken, most services won't start because of the breakage, and your special tools may not be working because most of the system just isn't there. With plain text files, if you can boot into the single-user maintenance shell (not even single-user mode, literally running the shell as PID 1) and get the filesystem the logs are on mounted, you can read the logs and see what happened. With a more complicated system you end up in a catch-22 where you need to fix the breakage to get the tools working to find out what you need to fix to get the tools working.
  This is, BTW, why /sbin exists separate from /bin. You couldn't always guarantee that libc was OK, so /sbin had statically-linked copies of critical tools that you could use to fix the system after something had trashed the critical system libraries.
47. Re:One of the advantages of Linux by LordLimecat · 2011-12-01 12:11 · Score: 2
  
  The big problem with Windows is that it's tied to horrible design decisions made twenty years ago because if they change anything they'll break the proprietary, closed-source WhizzyWriter word processor from 1993 and customers will start whining.
  Someone wasnt paying attention when they transitioned to 32-bit, and from thence to 64 bit. Someone also wasnt paying attention when they basically rewrote most everything in NT, and then completed the process in Vista where they DID break everything (which you said they wouldnt do), and provided compatibility in the form of virtualization.
  Someone also wasnt paying attention to the fact that MS is big enough that they CAN mandate "update your shit, windows 7 comes out in 1 year and will break legacy cruft", because I saw vendors do it in medical offices, petroleum distributor's modem-based monitoring apps (updated to ethernet and Win7 compatible), and various other areas.
  Your beliefs about what they can and cannot do are just wrong; 5 years ago users would say "they cant fix the administrator-by-default thing, because it would break everything. Guess what, thats why everyone hated vista, because they fixed it.
  Your example about the DLLs is possibly one of the very few legacy hold-overs that they will stick to, and I had thought they were fixing that. Windows DOESNT sell just through backwards compatibility, people buy Windows because
  1) Exchange has historically slaughtered the competition. That (so I hear) is starting to change, but Im not holding my breath; Exchange supports BES and ActiveSync, and through them basically every major phone out there. Besides ActiveSync, what does your android support? IMAP? What about your Palm Pre? POP? Yea, thats real competitive.
  2) Office remains the most popular productivity suite out there. Office runs on Windows, with a crappy half-way port to Mac (I understand it is less crappy than it used to be).
  3) Most commercial software runs on windows, and I dont mean legacy crap designed for Windows 95.
  
  With Linux the vast majority of software is open source and will be fixed to work with any new changes, and old closed-source software 'it's broken, tough'.
  That is a GROSS oversimplification. In many instances, the response is "fuck you, we're the devs and its Working as Intended" or "fix it yourself" or "I no longer maintain this software, feel free to fork it tho". Arguing the merits of FOSS vs commercial / proprietary is nowhere near as simple as you make it; look at chrome vs Chromium and see where all the progress comes from, or compare to Firefox and tell me which is more nimble and innovative, and who gets patches installed quicker.
48. Re:One of the advantages of Linux by LordLimecat · 2011-12-01 12:17 · Score: 3, Insightful
  
  Um, no, im assuming your bin folder hasnt been corrupted, right? Is there any reason to assume that 'cat', 'tail', and 'grep' would function and 'readJournalLog' would not? Are the cat binaries more robust or something?
  Or are you just making assumptions about what would be required to read the new journal?
49. Re:One of the advantages of Linux by LordLimecat · 2011-12-01 12:40 · Score: 2
  
  I hate the Windows eventlog and binary logs in general precisely because they become rapidly less accessible the more issues a system has
  Not really, the requirements for reading event logs boil down to one or two DLLs, and MMC.exe. Ive been on systems where the whole windows folder disappeared (due to a wigging out drive and filesystem), and was still able to read data out of the event log by pulling those one or two files over.
  And whoever said they were using mysql?
50. Re:One of the advantages of Linux by mabhatter654 · 2011-12-01 13:17 · Score: 5, Insightful
  
  Wow.. I forget there are OSes that don't have serial panel output for error codes! Or Operator "key" codes to force diagnostic modes?
  Coming from an AS400 background this article shows how silly "normal" system management is. To answer the parent, the system can be issued boot time commands in HARDWARE (which are also available for virtual machines) that will bring the system to a minimal "restricted" console state. That's like a cornerstone of the system and IBM doesn't mess with that.
  Next, the proposal Red Hat has is a very AS400 concept. The History Log (QHST) and the Security Audit Journal (QAUDJRN) are both binary structures that have hard-coded readers built into the kernel. The system maintains internal integrity of the files with extra fields you never see. Of course the AS400 native file system is "DATABASE"-based. So any command that outputs from these displays to a screen or to something that can be instantly searched with SQL.
  I'm certain that is what they are trying to make here. Ultimately in security you care about the integrity of the logs more than even recovering the system... Especially when to don't have to restart for a year at a time or more. Frankly, they should add an output option for SQLite file types and everybody can be happy.
  Realize that when places like banks use AS400's they mirror the raw audit journals off to another system, often hundreds a day. Because the are binary journals, they are difficult to tamper with because they interlink with eachother. Yet at the same time because they are a data type programs can monitor them for specific events automatically and it's trivial to set up actions to take.
51. Re:One of the advantages of Linux by BitZtream · 2011-12-01 15:14 · Score: 2
  
  and end up with the wonderful Windows Registry? 9 out of 10 times non virus related PC problems are ALWAYS related to the registry due to database/index corruption.
  You're flat out full of shit :) I'd bet $100 you've never in your life experienced real registry corruption, more likely you at best have had something mangle the actual data not the data base.
  Just because the wrong keys get deleted doesn't mean your registry is corrupt any more than rm -rf /etc makes your filesystem corrupt, those both make it unlikely you're system will boot.
  No one said they'll use MySQL. A properly designed database won't get corrupted beyond readability any more so than a text file.
  
  --
  Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
52. Re:One of the advantages of Linux by swalve · 2011-12-01 16:17 · Score: 2
  
  Linux can feed errors to serial. My problem with switching to database models for configs and logs is that there is no point to it. It seems like it might be one of those deals where it saves the programmers some time, but costs the users tons of time.
53. Re:One of the advantages of Linux by tqk · 2011-12-01 16:27 · Score: 2
  
  Is there any reason to assume that 'cat', 'tail', and 'grep' would function and 'readJournalLog' would not?
  Yes. Your system is really hosed, so you boot it with a LiveCD to read the logs. Does your LiveCD include readJournalLog? Do you really want to play with that possibility?
  syslog doesn't need the performance hit that writing binary records would give it. Recovery DOES need the transparency that text offers.
  readJournalLog ~= Windows' Registry. Dumb. Seriously dumb.
  
  --
  "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
54. Re:One of the advantages of Linux by AragornSonOfArathorn · 2011-12-01 18:05 · Score: 2
  
  But then you are tied to Red Hat.
  If you don't want to be tied to Red Hat, you won't buy Red Hat in the first place.
  
  --
  sudo eat my shorts
55. Re:One of the advantages of Linux by LordLimecat · 2011-12-01 20:58 · Score: 2
  
  Yes. Your system is really hosed, so you boot it with a LiveCD to read the logs. Does your LiveCD include readJournalLog? Do you really want to play with that possibility?
  I assume your live distro includes package management, right? Have you never installed wireshark, or vmfs support, or HFS+ support on a live cd?
56. Re:One of the advantages of Linux by LordLimecat · 2011-12-01 21:13 · Score: 3, Insightful
  
  Also text is very disk corruption resistant compared to binary
  Thats a gross oversimplification; text is a subset of binary. Binary allows for things like journals and integrety checking.
57. Re:One of the advantages of Linux by lucm · 2011-12-02 02:10 · Score: 2
  
  On Windows there is a lot of built-in capabilities for log exploring in Powershell or even in VBS/WMI. A toolbox contains many tools, not just grep.
  Oh, so you like all that stuff over something as fool-proof, robust and simple as the grep? OK.
  I am curious: are you using a fool-proof, robust and simple approach such as print-fax-scan-ocr instead of that crazy thing called email? And when you assemble IKEA furniture, are you sandblasting the screws so they are easier to hammer down?
  
  --
  lucm, indeed.
58. Re:One of the advantages of Linux by jmitchel!jmitchel.co · 2011-12-02 03:08 · Score: 2
  
  What could cause the corruption:
  Cosmic rays, Bad sectors, Weird bugs
  
  Why is this a problem:
  "Unless it is very carefully done, this kind of format could lose a lot of logging data as the result of a relatively small corruption"
  (http://lwn.net/Articles/467892/)
Avoid binary please!! by Anonymous Coward · 2011-12-01 07:08 · Score: 4, Insightful

When everything else is failing ... you still need to be able to dig into the the syslogs reliably no matter what! One little hiccup and you can easily lose everything in most binary type implementations, while at worst you see a little garbage in the syslogs!
1. Re:Avoid binary please!! by errandum · 2011-12-01 07:19 · Score: 2
  
  The problem is, they can be easily cleaned. I see where they are coming from with this, to be honest.
  Instead of going binary they could just use a database system, with queries and whatnot. Each new application would bring a new table.
  This would deal with two things: With proper access configuration it'd be safe from tampering, and it'd be easy to dig through. The amount of garbage that ends up in the logs is mind numbing. (yeah yeah, I know grep works and I still think this would be a better solution)
2. Re:Avoid binary please!! by GameboyRMH · 2011-12-01 07:25 · Score: 5, Insightful
  
  Or just use a network log server, which is both better from a security standpoint and lets you keep your plaintext logs.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
3. Re:Avoid binary please!! by qbast · 2011-12-01 07:40 · Score: 2
  
  And this has been long solved - both rsyslog and syslog-ng can log to database.
4. Re:Avoid binary please!! by RedHat+Rocky · 2011-12-01 07:59 · Score: 4, Informative
  
  syslog is one of those things that needs to work when things break, so one can figure out what to fix.
  Making it more complicated with more things to go wrong goes against this purpose.
  Example:
  Hmm, database server is acting weird, wonder what's wrong? I'll check syslog. Hmm, syslog is toast. Ah.....
  
  --
  Anything is possible given time and money.
5. Re:Avoid binary please!! by Tomato42 · 2011-12-01 08:54 · Score: 2
  
  If there's one thing file systems have no problems dealing with, it's appending data to file. C has even special flags for this mode of access FFS!
6. Re:Avoid binary please!! by 0123456 · 2011-12-01 09:19 · Score: 2
  
  Bingo. When your system is failing horribly, which is more likely to work: writing text to a file, or writing data to an SQL database?
  99.9% of the time syslog data isn't of much value. The 0.1% when it is is the 0.1% when things aren't working right.
Just more things to break ... by tomhudson · 2011-12-01 07:09 · Score: 3, Interesting

Keep on fragmenting each distro ... at a certain point, people will just get tired of distro-hopping and dump the whole mess.
And people ask when the Year f the Linux Desktop will be. It's things likie this, and the constant breakage because of change for the sake of change or to "be different", rather than focusing on stability, that drive people to non-free vendors.
1. Re:Just more things to break ... by Synerg1y · 2011-12-01 07:12 · Score: 2
  
  Not to mention everybody who is running Red Hat in production, who will probably be forced to accept the new features if they like security updates.
2. Re:Just more things to break ... by LordLimecat · 2011-12-01 07:14 · Score: 4, Insightful
  
  Keep on fragmenting each distro
  
  The whole point of a distro is that it is DIFFERENT from the others around it, not that it is similar. They all have their strengths and weaknesses, and the various things they try can be pulled into other projects.
  For instance, Canonical has been talking about rolling Wayland in as a replacement for X in Ubuntu. It might be a phenomenal failure, or it might be incredibly successful. If it works well, Im sure RedHat, CentOS, Debian, etc will all pull it in as well, and some bit of progress will have been made. If it sucks and dies, well, that too is progress.
3. Re:Just more things to break ... by guruevi · 2011-12-01 07:26 · Score: 2
  
  You can also simply substitute your own binaries on the same platform. It's not because RH gives Syslog by default that you can't install Journal and vice versa. You can have them even running concurrently (where necessary). Most people and even sysadmins don't care what is running the logs as long as it's readable unless they're running a dedicated syslog server where any such changes will be monitored.
  The standard daemon for mail used to be Sendmail later Postfix. Yet people still run either out of necessity or preference QMail, Sendmail and I use personally a very simple forwarding daemon that sends it to my GMail account.
  THAT is the beauty of Open Source (and by extension GNU/Linux). If Windows slips in a new logger (or task bar, security center, .NET framework etc.) you can't replace it, in Linux you can take your bog-standard distro (Ubuntu, Red Hat) and replace piece by piece very simply.
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
4. Re:Just more things to break ... by GameboyRMH · 2011-12-01 07:26 · Score: 2
  
  Hey before Ubuntu went off the deep end it really seemed like the Year of the Linux Desktop was this close!
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
5. Re:Just more things to break ... by RedHat+Rocky · 2011-12-01 07:53 · Score: 2
  
  Pfffpt. It's either bitch because things change or bitch because things DON'T change fast enough.
  There will always be someone who is unhappy, change or not.
  Linux will continue to succeed BECAUSE there are choices.
  
  --
  Anything is possible given time and money.
6. Re:Just more things to break ... by mlts · 2011-12-01 07:58 · Score: 2
  
  Believe it or not, this is one selling point for AIX. IBM touts that if it runs in an earlier version of AIX, it almost certainly will run on AIX 7. In fact, IBM actually has a binary compatibility guarantee that anything running on AIX 5.x or 6.x will run on the latest version.
  Of course, change is important, because an OS that ends up stagnant will eventually fall to the wayside, but in a production environment, people want to have to change as little as possible during an upgrade cycle.
7. Re:Just more things to break ... by marcosdumay · 2011-12-01 09:37 · Score: 2
  
  You are already on Ubuntu... Change to Debian. You can get it without all the opinions.
  
  --
  Rethinking email
Error prevention? by esocid · 2011-12-01 07:10 · Score: 3, Insightful

Not that it bothers me, but in forums people are quick to point out that they think Fedora's choice of kernel numbering is stupid. I mention I'm on 2.6.41.1-1.fc15.x86_64, and the first response is, "that kernel doesn't exist." (And yes, Fedora will move to the standard numbering scheme with 17 if I'm not mistaken)
I've found most of RH's decisions to do something their way is to prevent problems down the road. Same for kernel numbering, it was supposedly to prevent repo errors. I don't know for certain, but I'd expect this to also be the case here.

--
Absolute power corrupts absolutely. indymedia
1. Re:Error prevention? by broken_chaos · 2011-12-01 07:29 · Score: 3, Insightful
  
  I can understand the kernel numbering issue -- the 3.0+ kernels are functionally unchanged from the late 2.6 series, but the version number change did break some userspace tools/scripts that (in a poor, but understandable, decision) relied upon the kernel version, often as being in the 2.6 series. Of course, this was a holdover from the old huge swap from 2.4 to 2.6, where almost everything changed.
  With Linus suddenly deciding, "Hey, this version is now 3.0, even though there are no compatibility-breaking changes from the last 2.6 kernel.", some of those userspace tools/scripts broke in unexpected ways with version checks, but didn't actually break in effect. So re-numbering the kernel to stave off needing to immediately fix them without much warning was a fairly reasonable thing to do, for the short term.
  Overall, I agree with the decision to move to the 3.0 version numbering, though a bit more warning may have helped. Considering just how much the kernel development cycle changed from the 2.4/2.6 transition (namely in there never being a 'full' development branch), making a very clear, albeit arbitrarily timed, version number swap seems sensible to me.
2. Re:Error prevention? by LordLimecat · 2011-12-01 07:44 · Score: 2
  
  Overall, I agree with the decision to move to the 3.0 version numbering, though a bit more warning may have helped.
  
  "A bit more warning" is why we're still on IPv4 (though im grossly over-simplifying).
3. Re:Error prevention? by parf · 2011-12-01 07:44 · Score: 2
  
  they fixed user tools in fc16 $ rpm -qa | grep kernel kernel-3.1.2-1.fc16.x86_64
Whining by some guy with a log analyzer by Animats · 2011-12-01 07:15 · Score: 4, Insightful

This is just whining by some guy who wrote a log analyzer that will no longer be necessary.
QNX has had a simple structured log daemon for years. Reading their log never tails off into junk; you always get a clean, current last record. Their solution even works on diskless systems. In many real-time applications, logs are transmitted to some remote location, rather than being kept on each local machine.
1. Re:Whining by some guy with a log analyzer by errandum · 2011-12-01 07:32 · Score: 2
  
  Excuse me, it's true their logging facility might be good, but I was under the impression that the junk you see are the junk applications send, so I have no clue how QNX deals with that.
  And sending them to a remote location is possible in linux already.
  Never tried to use linux in a diskless system though, so I have no idea how syslog would react.
2. Re:Whining by some guy with a log analyzer by CAIMLAS · 2011-12-01 07:45 · Score: 2
  
  I don't see you describing anything which isn't possible (and common) with the syslog format. Most environments have remote syslog servers, you can filter events by event type, etc. and you can get a "clean, current last record" in a number of ways quite trivially (tac or last -f, pick your poison).
  Changing from syslog format will cause all sorts of problems. There are literally thousands of syslog analyzers in use, custom scripts, and people who use common utilities (such as the above, plus grep/sed/awk/etc.) to monitor and manipulate the files into something else. I personally use half a dozen different tools for this, such as Fail2Ban and loganalyzer. Many of these ship on the default install on systems because they're useful (targetting specific functionality on top of the very specific and minimal functional role of syslog).
  
  --
  ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Re:First post by pscottdv · 2011-12-01 07:17 · Score: 4, Funny

It's almost like there are people reading the article before they post! That way lies madness!!

--
this signature has been removed due to a DMCA takedown notice
Is he not aware? by C_Kode · 2011-12-01 07:20 · Score: 3, Insightful

Is he not aware how terrible syslog is? syslog is ancient and has several series flaws from security to just stupid limitations. It should have been replaced ages ago.
1. Re:Is he not aware? by Nos. · 2011-12-01 07:29 · Score: 4, Informative
  
  syslog the application or syslog the protocol? syslog the application? Yes, its past due, and things like rsyslog are much better.
  syslog the protocol is fine.
  The problem with this proposed replacement is that it does not fix anything. The only advantage it gives is to be able to tell if the logs were altered. That's it. You're far better off with a secondary/centralized logging system. Store your logs in text, compressed, encrypted, in a database, it doesn't matter. Just get them to a different location and then not only can you tell that the originals were altered, you can tell what was removed. All while using existing tools.
That works both ways by Anonymous Coward · 2011-12-01 07:32 · Score: 5, Insightful

You will also be stuck with all the good choices they make.
Reading what they are proposing it seems that is actually a very good idea. When you get out of hobbyist and small environments and into environments with more demanding requirements about security auditing the traditional syslog has not cut it for years anymore. The first step in many environments is usually to rip it mostly off and replace with some more or less proprietary environment.
The new ideas such as improving the reliability of log shipping, reducing possibilities towards tampering, and improving chances for more advanced log analysis are really awesome things - especially for people who are serious about their logging. Syslog and its text format are legacy poison and it will be good to see them die and vanish. Hopefully that happens fast.
Also, keep in mind that that RedHat is still open sourcing that stuff. They will provide tools and APIs - as they require those also themselves.
1. Re:That works both ways by mlts · 2011-12-01 07:46 · Score: 4, Insightful
  
  Even though the syslog is in a binary format, it would be nice to have it also stored in text as well. For example, on some sensitive machines, I would have the syslog redirect to an IBM3151 serial terminal for real time monitoring. This way, I could immediately tell if a job started at its appropriate time, finished, or caused issues.
  IMHO, the best way RedHat should implement this is similar to how AIX does logging. It has its own format for logs that are read using the errpt command. However, one can turn on plain old syslog logging and have that able to be stored in a file, forwarded to a log server, or shipped via a serial connection to a secure log drop that has no network access. It would be nice to have a signed, secure format for logs, but also nice to have plain text to watch in realtime and search from without requiring specialized commands.
2. Re:That works both ways by LWATCDR · 2011-12-01 08:38 · Score: 3, Informative
  
  Well yes you can.
  If you read the post from the developer
  "My application needs traditional text log files on disk, can I configure journald to generate those?
  No, you can’t. If you need this, just run the journal side-by-side with a traditional syslog implementation like rsyslog which can generate this file for you."
  Just run journal and rsyslog and you have both systems in place.
  Untile journal does everything odds are that it will be run with rsyslog in parallel. A boots and suspender type of solution. if you want to have it also generate a traditional syslog I would think that adding that functionality wouldn't be all that hard. If needed someone will add that feature.
  
  --
  See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
3. Re:That works both ways by Cyberax · 2011-12-01 09:06 · Score: 2
  
  "My application needs traditional text log files on disk, can I configure journald to generate those?"
  Well, I'm going to write a FUSE filesystem that allows to read Journal files as if they were simple text log files. With features like customizable representation.
4. Re:That works both ways by alcourt · 2011-12-01 11:03 · Score: 4, Interesting
  
  Actually, I work in security logging in a very large environment. The last thing we permit is ripping out syslog on generic systems. We do send a copy of the logs to a central system, but we don't allow the client systems to be touched.
  The central copy cannot be tampered with. The local copy is not for security, but stability and immediate usage.
  There is no such thing as a secure local log, and pretending otherwise is shameful. As to reliability, you get to pick between two evils. The possibility of logs not being delivered, or the possibility of logs not being delivered. The more complex the protocol, the more likely it is that a message gets devoured by the system. Simple protocols may not have guaranteed delivery, but their simplicity has actually helped ensure things just Don't Go Wrong.
  
  --
  "I may disagree with what you say, but I will defend unto the death your right to say it." -- Voltaire
5. Re:That works both ways by sjames · 2011-12-01 14:10 · Score: 2
  
  The most secure logging of all is to send it out to a line printer behind a vault door. Try editing that after you root the machine!
Are Linux Fans Really About Innovation? by assertation · 2011-12-01 07:36 · Score: 2, Insightful

It seems like every time a distro tries to innovate they get a lot of screaming from the linux community.
There is this change, the screaming about Ubuntu going with Unity, screaming with every change GNOME makes.
Is the FOSS really about innovation or just mouthing the words?
1. Re:Are Linux Fans Really About Innovation? by jd · 2011-12-01 08:29 · Score: 4, Insightful
  
  Innovation is fine. Invention is better, but if you can't have that then innovation makes a decent replacement. However, Unity isn't really inventive or innovative, and attempting to force someone to use one DWM is definitely a regression.
  You are confusing change/novelty with creativity. They're not the same.
  And, yes, there SHOULD be push-back. Once it goes past the early adopters, it will make its way to the Real World(tm) where the REAL critics hold multi-million dollar contracts in one hand and a fine sherry in the other. Those critics know nothing about the value of technology, but they know the price of everything, especially that of technology. You WANT the flaws ironed-out before then. You WANT to have put the software not just through the reliability and quality tests but also through the user acceptability tests and the PR tests. You WANT well-tempered systems, honed to damn-well near perfection.
  Because, in the end, without those multi-million dollar contracts, the Ubuntus and the Red Hats of the world simply aren't going to bother. There won't be any development at all if we lose the big players at this stage. Linux isn't a garage development project any more, or hadn't you seen the kernel contribution stats on LWN? We NEED the corporations to want to invest not just the time and money they're spending now but more of it. And we won't get that without the PHBs.
  Do the PHBs care about Unity or loggers? Directly, no. They care about image and if the unwashed masses turn away from Linux, that's bad image. If there's a security flaw, that's major bad image. If it costs more for the developers to do the same amount of work because of added inefficiencies, especially when the shareholders are baying at the door, that's lethal image. Doesn't matter if Windows would be worse, PHBs won't think like that. Linux is a gamble and it HAS to pay and pay big.
  
  --
  It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
2. Re:Are Linux Fans Really About Innovation? by jmitchel!jmitchel.co · 2011-12-01 08:45 · Score: 2, Insightful
  
  The wise professional is intensely mistrustful of innovation. Innovation introduces new failure modes and deprecates tested methods and experience. Innovation is always born half baked, unreliable and unsupported. By the time all the problems are solved with a given innovation, it's design will typically prove to be just as compromised and unsexy as its predecessor - and then the cycle of "innovation" repeats. Some innovations have sufficient value to overcome their costs - many don't.
  
  And who said that OSS was about innovation?
3. Re:Are Linux Fans Really About Innovation? by visualight · 2011-12-01 15:21 · Score: 2
  
  This isn't about innovation. This is about Lennart wanting to control a few key pieces so that he can unilaterally remove obstacles to his own ideas.
  IMO, to date, he has not solved one real problem, and I don't understand why anyone listens to him. His ideas are terrible.
  
  --
  Samsung took back my unlocked bootloader because Google wants me to rent movies. They're both evil.
Re:First post by LordLimecat · 2011-12-01 07:39 · Score: 2, Informative

Mod parent troll, Slashdot doesnt have articles, only comment threads. At least _IVE_ never seen any articles.
Control by mpol · 2011-12-01 07:42 · Score: 2

I'm not sure, but I get the feeling that different groups in the opensource community are struggling to get control of their platform. Gnome peeps are doing their own thing, Ubuntu heads off in another direction. Red Hat does their own things.
The last 8 years were somewhat mixed in this regard. There was cooperation, like on freedesktop.org, but olso fragmentation and diversification. Now it all seems to fall apart somewhat. I don't see the different groups come together.
I'm really not fond of some things that are happening, like Systemd and all the other incompatible SysVinit systems. Also the mess that are the main desktops now. Then this new syslog proposal. I doubt other distro's will take this, I expect they will stick with syslog or syslog-ng.
For myself I think I'm going with Debian (testing that is) soon. Once old-school just meant old stuff, but nowadays it almost sounds like the best thing there is. All the new software with less bugs, but not the crummy new inventions which you'd rather let pass by.

--

Well, don't worry about that. We can get you back before you leave. (Dr. Who)
Re:Good by jandrese · 2011-12-01 08:20 · Score: 3, Informative

That is probably the only time I've ever heard Microsoft's system logging compared favorably with anything. In my many years of administering systems, I have yet to ever get a useful piece of information out of any of those logs. It's like there's a requirement somewhere that only useless messages are allowed to be logged, and anything that might help an administrator (like an error message when something crashes for instance!) must never appear. Even if the error is something stupid like a permissions issue, you don't get a Linux like "Permission denied on c:/blah/blah/blah", at most you'll get a "An error occurred" or other worthless message.

--

I read the internet for the articles.
Re:RedHat Considered Harmful by rjmx · 2011-12-01 08:22 · Score: 2

Uh-huh. Have you always specialised in cheap shots, or is this a new development?
You're ignoring the size of the redhat customer base and its extensive use in enterprise systems (my own included). If this crap catches on, it's likely to spread to the other distributions; it's best to stop this exercise in change-for-change's-sake before it catches on.
To explain the point about dbus: originally, as a desktop IPC bus, it probably wasn't such a bad idea. It seems, however, to have spread beyond that point: it starts early in the boot process, and seems to be used by more and more processes every time I look. This might not be so bad if it was well-designed, but it's not: chief among my objections to it is the requirement for a reboot every time the thing gets upgraded (or, presumably, crashes). This is one of the things we all bashed Windows over for years and years -- and now that Microsoft seems to be improving in that respect, Linux starts to require it. This is progress????
Re:RedHat Considered Harmful by LWATCDR · 2011-12-01 08:43 · Score: 2

You are ignoring that you can install rsyslog and run it and journal at the same time if need be.
You can have both styles of logs....

--
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
we didnt get to be by nimbius · 2011-12-01 08:48 · Score: 2

linux by just doing what we've always done. if we did, Linus would still be grading papers, Stallman would probably use use BSD, and the phone in my pocket would probably never exist.
part of what makes me love linux is the undying urge to try something new. granted, thats not everyones opinion. its a bunch of nerds and hackers and really cool people coming together and having the courage to say, "i just made this new thing."

To Red Hat: thanks for trying something new. i really hope it works out and im eager to try it too. just remember, haters are always going to hate. and because its the community that makes up linux, theres a linux for them too.

--
Good people go to bed earlier.
Re:Good by 0123456 · 2011-12-01 09:57 · Score: 2

Clearly you are clueless at reading Windows logs. Which is godawfully surprising since how easy it is.
It's easy because there's nothing of value in them.
'Service LoadsaBollocks crashed and restarted'.
Yep. That's real helpful.
When I replaced the disk on my laptop I was having a hard time figuring out why Windows didn't work after I reinstalled it, and the only useful message was something about 'Cryptographic service failed to start'. Eventually, a few hours later, I managed to figure out that what it really meant was 'Your recovery disk installed some kind of third-party 'disk accelerator' crap which doesn't work so I can't read the cryptograpy keys from the disk. Please uninstall that garbage'.
A little message like 'Cryptographic service couldn't read the key files' would have been a heck of a lot more useful.
Better Database + Log Files by rathaven · 2011-12-01 10:35 · Score: 3, Insightful

The issue is based on what you need in different scenarios and to meet that I can't see anything wrong in doing both writing to syslog and a database.

Why do both? In larger systems the amount of data is difficult to cross reference and analyse as files due to the amount of sources, size of data, tools to visualise it all, etc. Writing syslog data to centralised syslog services that do use database backends to centralise logs and query/report against them are a key tool in these scenarios. Its one of a number of interfaces you have to analyse what is taking place on your systems.

However, I'd rather use the simplest method of getting log information out of a system if I'm going to use it for debugging an odd situation. There are situations where the overhead of writing to a database or a write remote data might fail and cause no debug information to be written. I'd rather a simple logging system locally.
Re:Good by El_Oscuro · 2011-12-01 13:15 · Score: 2

At the very least a unified format similar to Microsoft's format would be nice.
Event Viewer - The Event log file is corrupt
The description for Event ID ( 50 ) in Source ( SomeService ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer.
Nice indeed.

--
"Be grateful for what you have. You may never know when you may lose it."
internationalization by bored · 2011-12-01 14:03 · Score: 2

I didn't see anyone else mention this, but on windows and AIX, one of the reasons for using a binary log format is internationalization. Log messages are little more than application/facility id, log id, and parameters. The when the user displays the message the ids are looked up in a localization table and formatted according to the attached parameters.
Re:it doesn't even have that advantage by sjames · 2011-12-01 14:59 · Score: 2

If you have write access to the database...