Thursday 12 January 2017

Re: Make systemd journal persistent | remove rsyslog (by default)

On Thu, 2017-01-12 at 10:50 -0500, Bryan Quigley wrote:
> We could explicitly keep rsyslog supported in main for at least 18.04
> for the for those who need it (or indefinitely if we find it's still
> needed for remote enterprise logging).   I was thinking that we might
> have to keep it in main until 18.04 anyway for upgrades.
>
I think this would be a hard requirement if it was decided on the switch.

Another thing that came to mind is 'logcheck' (in main) for log auditing and I
don't think it understands systemd-journald log format. logcheck is not
installed by default of course, but it is another package useful in enterprise
environments. If the standard logs are removed, then installing logcheck won't
work by default and additional steps need to be performed to install rsyslog
(and make sure systemd-journald forwards to it).

There are two things here:
1. make systemd journal persistent
2. avoid duplicate logs from rsyslog

Why not just do '1' and let rsyslog remain? The standard logs are rotated so
this shouldn't be overly burdensome. Have you measured how much the duplicate
logs would take on a typical system?

> Kind regards,
> Bryan
>
>
> On Wed, Jan 11, 2017 at 5:32 PM, Jamie Strandboge <jamie@canonical.com> wrote:
> >
> > On Wed, 2017-01-11 at 08:29 +0100, Martin Pitt wrote:
> > >
> > > Jamie Strandboge [2017-01-10 16:27 -0600]:
> > > >
> > > >
> > > > Remote logging. Rsyslog is far superior in this regard. Granted, remote
> > > > logging
> > > > is not enabled by default but it is a requirement in many environments.
> > > The systemd-journal-remote package does provide the necessary tools and is
> > > reasonably flexible (push or pull, builtin https or using arbitrary ports
> > > which
> > > you e. g.  could forward through ssh). It might not be as flexible as
> > > rsyslog,
> > > but as one needs to set up remote logging manually anyway, you always have
> > > the
> > > possibility of picking rsyslog, journal, or even something else.
> > >
> > Yes, but the 'logged to' system needs to be running systemd[1]. rsyslog
> > speaks
> > the standard syslog protocol on 514/udp, but systemd-journal does not.
> >
> > [1]https://www.freedesktop.org/software/systemd/man/systemd-journal-remote.h
> > tml
> >
> > --
> > Jamie Strandboge             | http://www.canonical.com
> >
> >
> > --
> > ubuntu-devel mailing list
> > ubuntu-devel@lists.ubuntu.com
> > Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo
> > /ubuntu-devel
> >
--
Jamie Strandboge | http://www.canonical.com