Ubuntu (Score: 1) by zenbi@pipedot.org on 2015-07-27 08:09 (#FJ12) Probably better for Ubuntu than Upstart. They never really finished moving from SysV Init scripts to Upstart Init scripts. At least now they have one less one-off NIH project. Now if the Wayland people can convince them to give up on Mir...My quibble with systemd is with the binary log files. There may be some workarounds to get normal text logs out of the journal, but I'd rather not have to do such things by default. Re: Ubuntu (Score: 1) by billshooterofbul@pipedot.org on 2015-07-28 14:24 (#FPHZ) I really wonder what's behind the binary log complaints. If the format is open and the file gets corrupted, its still easily to figure out the content. Its not encrypted Re: Ubuntu (Score: 2, Interesting) by Anonymous Coward on 2015-07-29 08:07 (#FS4P) Corruption is rarely relevant when it comes to logs. Logs in important systems are frequently archived, and as any backup they are stored in a reliable manner. The single most important thing about logs is how they are USED. If you just let the logs sit on your HDD, then there's no point in collecting them (increase your logging level to ERROR and be done with it). I, on the other hand, use logs to audit systems continuously, and if some software is introduced that makes it more difficult to analyze the logs then it is a serious problem for me.The problem I have with journald is that it makes handling the logs more complicated, without providing any benefit compared with alternative solutions. The alleged benefits (e.g. binary logs) are already implemented in all other systems, and those implementations are more thought-through than those of the SystemD-team, as each development team can focus on polishing a single tool rather than a beowulf of programs (this is the Unix-philosophy in a nutshell). Storing logs as binary files, for example, is either done using logrotate (for archiving in compressed files) or by forwarding selected parts of the syslog stream to a database (for future analysis).Therefore, the only way to make useful log analysis with JournalD is to configure it to forward everything to regular syslog, and add your regular analysis tools to the syslog stream. This means that in a system with both log analysis and SystemD, journald is an extra step in your pipeline which doesn't contribute with any functionality. In addition, this means that all logs (which are generated as text) must be converted into binary only to be re-converted back to text before being forwarded to analysis tools.Now you're probably saying that tools can read the binary files straight-up in order to make things more efficient. This is true, but the problem is that there are programs which log to their own logfiles, rather than passing their logs via the syslog functionality. This means that the log analysis solution must still be capable of handling text files. This means that you must have support for both the binary format and the text format, rather than (as with other solutions) just handling text files. This (once again) increases complexity without adding any value, which is bad.Tl;dr: Fuck Journald. Re: Ubuntu (Score: 1) by billshooterofbul@pipedot.org on 2015-08-04 17:02 (#GDGG) That is a unique argument that I have not heard. I don't find it to be very persuasive. Journald is better than syslog and other alternatives in many ways. But it is a change, and as such there will always be people who cry "change for no reason!!!" because they don't see or understand the benefit from the change and have to make changes to their existing work flow. There are reasons, and they are documented. The only relevant argument against has been existing tooling needing syslog.
Re: Ubuntu (Score: 1) by billshooterofbul@pipedot.org on 2015-07-28 14:24 (#FPHZ) I really wonder what's behind the binary log complaints. If the format is open and the file gets corrupted, its still easily to figure out the content. Its not encrypted Re: Ubuntu (Score: 2, Interesting) by Anonymous Coward on 2015-07-29 08:07 (#FS4P) Corruption is rarely relevant when it comes to logs. Logs in important systems are frequently archived, and as any backup they are stored in a reliable manner. The single most important thing about logs is how they are USED. If you just let the logs sit on your HDD, then there's no point in collecting them (increase your logging level to ERROR and be done with it). I, on the other hand, use logs to audit systems continuously, and if some software is introduced that makes it more difficult to analyze the logs then it is a serious problem for me.The problem I have with journald is that it makes handling the logs more complicated, without providing any benefit compared with alternative solutions. The alleged benefits (e.g. binary logs) are already implemented in all other systems, and those implementations are more thought-through than those of the SystemD-team, as each development team can focus on polishing a single tool rather than a beowulf of programs (this is the Unix-philosophy in a nutshell). Storing logs as binary files, for example, is either done using logrotate (for archiving in compressed files) or by forwarding selected parts of the syslog stream to a database (for future analysis).Therefore, the only way to make useful log analysis with JournalD is to configure it to forward everything to regular syslog, and add your regular analysis tools to the syslog stream. This means that in a system with both log analysis and SystemD, journald is an extra step in your pipeline which doesn't contribute with any functionality. In addition, this means that all logs (which are generated as text) must be converted into binary only to be re-converted back to text before being forwarded to analysis tools.Now you're probably saying that tools can read the binary files straight-up in order to make things more efficient. This is true, but the problem is that there are programs which log to their own logfiles, rather than passing their logs via the syslog functionality. This means that the log analysis solution must still be capable of handling text files. This means that you must have support for both the binary format and the text format, rather than (as with other solutions) just handling text files. This (once again) increases complexity without adding any value, which is bad.Tl;dr: Fuck Journald. Re: Ubuntu (Score: 1) by billshooterofbul@pipedot.org on 2015-08-04 17:02 (#GDGG) That is a unique argument that I have not heard. I don't find it to be very persuasive. Journald is better than syslog and other alternatives in many ways. But it is a change, and as such there will always be people who cry "change for no reason!!!" because they don't see or understand the benefit from the change and have to make changes to their existing work flow. There are reasons, and they are documented. The only relevant argument against has been existing tooling needing syslog.
Re: Ubuntu (Score: 2, Interesting) by Anonymous Coward on 2015-07-29 08:07 (#FS4P) Corruption is rarely relevant when it comes to logs. Logs in important systems are frequently archived, and as any backup they are stored in a reliable manner. The single most important thing about logs is how they are USED. If you just let the logs sit on your HDD, then there's no point in collecting them (increase your logging level to ERROR and be done with it). I, on the other hand, use logs to audit systems continuously, and if some software is introduced that makes it more difficult to analyze the logs then it is a serious problem for me.The problem I have with journald is that it makes handling the logs more complicated, without providing any benefit compared with alternative solutions. The alleged benefits (e.g. binary logs) are already implemented in all other systems, and those implementations are more thought-through than those of the SystemD-team, as each development team can focus on polishing a single tool rather than a beowulf of programs (this is the Unix-philosophy in a nutshell). Storing logs as binary files, for example, is either done using logrotate (for archiving in compressed files) or by forwarding selected parts of the syslog stream to a database (for future analysis).Therefore, the only way to make useful log analysis with JournalD is to configure it to forward everything to regular syslog, and add your regular analysis tools to the syslog stream. This means that in a system with both log analysis and SystemD, journald is an extra step in your pipeline which doesn't contribute with any functionality. In addition, this means that all logs (which are generated as text) must be converted into binary only to be re-converted back to text before being forwarded to analysis tools.Now you're probably saying that tools can read the binary files straight-up in order to make things more efficient. This is true, but the problem is that there are programs which log to their own logfiles, rather than passing their logs via the syslog functionality. This means that the log analysis solution must still be capable of handling text files. This means that you must have support for both the binary format and the text format, rather than (as with other solutions) just handling text files. This (once again) increases complexity without adding any value, which is bad.Tl;dr: Fuck Journald. Re: Ubuntu (Score: 1) by billshooterofbul@pipedot.org on 2015-08-04 17:02 (#GDGG) That is a unique argument that I have not heard. I don't find it to be very persuasive. Journald is better than syslog and other alternatives in many ways. But it is a change, and as such there will always be people who cry "change for no reason!!!" because they don't see or understand the benefit from the change and have to make changes to their existing work flow. There are reasons, and they are documented. The only relevant argument against has been existing tooling needing syslog.
Re: Ubuntu (Score: 1) by billshooterofbul@pipedot.org on 2015-08-04 17:02 (#GDGG) That is a unique argument that I have not heard. I don't find it to be very persuasive. Journald is better than syslog and other alternatives in many ways. But it is a change, and as such there will always be people who cry "change for no reason!!!" because they don't see or understand the benefit from the change and have to make changes to their existing work flow. There are reasons, and they are documented. The only relevant argument against has been existing tooling needing syslog.