Slashdot Mirror


Red Hat's Linux Changes Raise New Questions

itwbennett writes "Last month two Red Hat developers proposed to replace the 30-year-old syslog system with a new Journal daemon. Initial reaction was mostly negative and 'focused on the Journal's use of a binary key-value form of data to log system events,' says blogger Brian Proffitt. But now, says Proffitt, it seems that the proposal to replace syslog has less to do with fixing syslog's problems than with Red Hat's desire to go its own way with Linux infrastructure."

14 of 433 comments

  1. One of the advantages of Linux by Todd Knarr · · Score: 5, Insightful

    That's one of the advantages of Linux: RedHat can go their own way without needing the rest of us to buy in, and without really messing things up for us. If they provide a reasonable API, it'll either be compatible with syslog with a simple library substitution or we'll quickly see a wrapper library that allows programs to use either syslog or Journal without needing code changes.

    I think going to binary's a bad idea, myself. The fewer tools you need working to find out what the error is, the easier it is to debug and fix the problem. But let RedHat try this and see how it works, and then we can decide once we've got some real-world data to compare.

    1. Re:One of the advantages of Linux by LordLimecat · · Score: 5, Interesting

      There are advantages to not having everything in ascii text, or else we would never see relational databases used for anything. You are right that we will see. I like plain text logs because I am still learning the ins and outs of the major Linux breeds, and not having to learn a special tool for every config file and log makes things easier; but I won't say that there couldn't be benefits to a more robust system.

    2. Re:One of the advantages of Linux by MightyMartian · · Score: 5, Insightful

      No matter your experience, plain-text logs make more sense, especially in *nix operating systems. You have a vast array of tools to search log files with; my favorites being tail and grep. The minute you go to binary logging your options shrink or you end up having to use additional tools to reconvert it to text (i.e. the Windows event log).

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    3. Re:One of the advantages of Linux by LordLimecat · · Score: 5, Insightful

      Not quite true. If PHB insists on RHEL, you're stuck coping with whatever poor choices they make.

      Package management: use it. I would be very surprised if RedHat prevented you from installing whatever logging facility you wanted on your server.

    4. Re:One of the advantages of Linux by Anonymous Coward · · Score: 5, Informative

      Nobody Ever Got Fired For Buying IBM

      - GameboyRMH (bloody post limiter!)

    5. Re:One of the advantages of Linux by LordLimecat · · Score: 5, Interesting

      Looks like they're pulling the same shit Ubuntu pulled with upstart (init replacement). "Let's replace something simple and elegant with something complex, incomplete, and very difficult to fix when it goes wrong".

      One could make that argument about solid-state electronics, the move away from punch-cards, the move from paper-based filing, the move to journaled filesystems, etc.

      Sometimes progress means letting go of the past, and sometimes it takes a while to fully bake; that's why RedHat doing the QA, testing, and development for the rest of us is a good thing. If it sucks, it will die, and no one really has to acknowledge that it ever existed.

    6. Re:One of the advantages of Linux by epiphani · · Score: 5, Informative

      Agreed. I submitted this post yesterday, by the lead developer for rsyslogd (the most common syslog daemon in Linux these days). He makes the point that most of the complaints made are actually wrong if they'd bothered to look at the last 10 years of development and IETF work around syslog.

      --
      .
    7. Re:One of the advantages of Linux by DiegoBravo · · Score: 5, Insightful

      Many times with a (semi)broken operating system, you don't have all the usual tools.... sometimes your only clue is a syslog driven console text message.

    8. Re:One of the advantages of Linux by Hatta · · Score: 5, Insightful

      If it sucks, it will die.

      On what do you base this assumption? History is littered with sucky technologies that became standard because someone important was pushing it.

      --
      Give me Classic Slashdot or give me death!
    9. Re:One of the advantages of Linux by Tomato42 · · Score: 5, Interesting

      Just yesterday I was debugging why my sysprepped Win 7 images weren't installing properly. So I go to sysprep directory and start reading the text log. It didn't have any useful info. So I grabbed the binary log and tried to import it on the same machine in pre-exec environment. It couldn't do it. So I copied it to different computer and tried to open it there, the system claimed that the file was damaged. After 4 hours of struggle to read, copy or convert the bloody thing I went the "Microsoft recommended way" (seriously, that's the solution they suggest in MSKB) and bisected which program caused the install failure. In "only" 6 reinstalls I finally found the culprit.

      If it was a Linux distro, a simple cat or tail would have sufficed and it would have been a 15 minute job, not 2 days. If they want my text logs they will have to pry it from my cold dead hands.

    10. Re:One of the advantages of Linux by MightyMartian · · Score: 5, Informative

      MySQL requires the daemon to be running, or at least access to some utility with the MySQL library. If a system has crashed or has reduced functionality due to system problems, a text log that can be scanned with the basic *nix stdio tools is a helluva lot more useful than a binary log.

      I hate the Windows eventlog and binary logs in general precisely because they become rapidly less accessible the more issues a system has, which is quite often why you need to delve into syslog anyways. What exactly is the point to reinventing the wheel?

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    11. Re:One of the advantages of Linux by mabhatter654 · · Score: 5, Insightful

      Wow.. I forget there are OSes that don't have serial panel output for error codes! Or Operator "key" codes to force diagnostic modes?

      Coming from an AS400 background this article shows how silly "normal" system management is. To answer the parent, the system can be issued boot time commands in HARDWARE (which are also available for virtual machines) that will bring the system to a minimal "restricted" console state. That's like a cornerstone of the system and IBM doesn't mess with that.

      Next, the proposal Red Hat has is a very AS400 concept. The History Log (QHST) and the Security Audit Journal (QAUDJRN) are both binary structures that have hard-coded readers built into the kernel. The system maintains internal integrity of the files with extra fields you never see. Of course the AS400 native file system is "DATABASE"-based. So any command that outputs from these displays to a screen or to something that can be instantly searched with SQL.

      I'm certain that is what they are trying to make here. Ultimately in security you care about the integrity of the logs more than even recovering the system... Especially when you don't have to restart for a year at a time or more. Frankly, they should add an output option for SQLite file types and everybody can be happy.

      Realize that when places like banks use AS400's they mirror the raw audit journals off to another system, often hundreds a day. Because they are binary journals, they are difficult to tamper with because they interlink with each other. Yet at the same time because they are a data type programs can monitor them for specific events automatically and it's trivial to set up actions to take.

  2. Re:Avoid binary please!! by GameboyRMH · · Score: 5, Insightful

    Or just use a network log server, which is both better from a security standpoint and lets you keep your plaintext logs.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  3. That works both ways by Anonymous Coward · · Score: 5, Insightful

    You will also be stuck with all the good choices they make.

    Reading what they are proposing it seems that is actually a very good idea. When you get out of hobbyist and small environments and into environments with more demanding requirements about security auditing the traditional syslog has not cut it for years anymore. The first step in many environments is usually to rip it mostly off and replace with some more or less proprietary environment.

    The new ideas such as improving the reliability of log shipping, reducing possibilities towards tampering, and improving chances for more advanced log analysis are really awesome things - especially for people who are serious about their logging. Syslog and its text format are legacy poison and it will be good to see them die and vanish. Hopefully that happens fast.

    Also, keep in mind that RedHat is still open sourcing that stuff. They will provide tools and APIs - as they require those also themselves.
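
Added example, not part of the thread and not code from Red Hat, IBM or any syslog project: a sketch of log entries that "interlink" so that edits are detectable, the property raised in mabhatter654's comment on AS400 journals and in the Anonymous Coward's comment on reducing tampering. It assumes a SHA-256 hash chain over plain text lines and a head digest mirrored to another system; the thread does not say how AS400 journals or the proposed Journal actually do this, and all names and log messages below are constructed.

```python
import hashlib

GENESIS = "0" * 64  # constructed start value for the chain (assumption)

def chain_entry(prev_digest, message):
    """Digest that binds this message to every entry logged before it."""
    data = f"{prev_digest}\n{message}".encode("utf-8")
    return hashlib.sha256(data).hexdigest()

def append(log, message):
    """Append a 'digest message' text line; it stays readable with grep or tail."""
    prev = log[-1].split(" ", 1)[0] if log else GENESIS
    log.append(f"{chain_entry(prev, message)} {message}")

def verify(log, trusted_head=None):
    """Return the index of the first entry that fails, or None if intact.

    trusted_head is the last digest as mirrored to a separate system.
    Without it, someone who rewrites the tail and recomputes every digest
    goes unnoticed; with it, a rewrite or truncation is reported as a
    failure at index len(log).
    """
    prev = GENESIS
    for i, line in enumerate(log):
        digest, _, message = line.partition(" ")
        if digest != chain_entry(prev, message):
            return i
        prev = digest
    if trusted_head is not None and prev != trusted_head:
        return len(log)
    return None

def build_sample():
    """Four constructed log messages, chained in order."""
    log = []
    for msg in ("sshd: failed password for root",
                "sshd: failed password for root",
                "sshd: accepted password for root",
                "sudo: root : COMMAND=/bin/sh"):
        append(log, msg)
    return log

if __name__ == "__main__":
    sample = build_sample()
    head = sample[-1].split(" ", 1)[0]   # value that would be mirrored off-host
    print("intact:", verify(sample, head))
    sample[2] = sample[2].replace("root", "alice")
    print("first bad entry after edit:", verify(sample, head))
```

The chain on its own only shows that the file is internally consistent; detecting a full rewrite or a truncated file depends on the head digest being held somewhere the log host cannot change.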