[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse
Subject:    Re: [opensuse] Re: Why are systemd's logs stored as binaries?
From:       John Andersen <jsamyth () gmail ! com>
Date:       2016-12-23 20:40:03
Message-ID: 247412a4-1681-81d5-9783-c938434505e4 () gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]


On 12/23/2016 03:44 AM, Carlos E. R. wrote:
> On 2016-12-22 21:53, L A Walsh wrote:
>> Anton Aylward wrote:
>>> On 12/22/2016 09:07 AM, Carlos E. R. wrote:
>>>
>>>> Is it reliable? Can we trust the journal to work and not loose 
>>>> anything in, say, two years time, even after upgrades?
>>>>
>>>
>>> You've descended into the stage of a ridiculous argument,
>>> Carlos.
>>>
>> --- Not really.  He points out that ng-syslogd already logs to
>> binary in a way that can be read by current DB viewers.
> 
>> So far, journeld has no tool support as it was designed from
>> scratch providing no or limited compatibility.  For example,
>> someone may want to keep logs related to logins going back 3 years,
>> but not everything else.
> 
>> I have specific logs going back insanely log... squid logs back to
>> 2010, for example.  I see some old spamd logs from 2009 -- gotta
>> clean these out..
> 
>> But they are all still readable using "more"...
> 
>> To ask that such info be readable only 2 years in the future, is a 
>> *ridiculously* small amount.  To call wanting such, ridiculous by
>> any measure is just naive, ridiculous or senile (having forgotten
>> that such basic needs were met ages ago by the previous log system,
>> but now need to be re-invented w/a new log system).  Remember, by
>> default journald was designed for volatile storage, w/working store
>> on SSD's.  Not your typical logging system.
> 
> Thanks. Yes, that is so.
> 
> Journal brings wanted features, like data integrity (I doubt it, but
> nevertheless lets accepts it does have it). Ie, it guarantees that the
> data has not being altered and that it was issued by the parties it
> says, not faked. Well, to be of use to a party that needs to keep logs
> (legally or not), it also has to prove that it can be accessed in a
> number of years and that it can be backed up. If the data has to be
> dumped to text the integrity is broken.
> 
> 

But journald is just the first destination of log messages Carlos, as you have
pointed out in other posts.

It is not intended, nor does it pretend to provide a single solution.  You and
others have pointed out how to short circuit it to any other logging engine,
for those special case situations where ISPs or such need legal logs.

So once again TEMPEST IN A TEAPOT.

And no, there is no legal requirement in any country that states logs lose
authenticity simply because they were dumped to text.  You made that up!!
Old logs are already compressed routinely, and decompressing them and printing
them out has nevee cause a judge or Magistrate to toss them out of court.
Find me ONE case law example of this happening in any jurisdiction in the world!!!

If SLES wasn't so ridiculously expensive nobody running a business would use
opensuse in any capacity that had legal requirements.



-- 
After all is said and done, more is said than done.


["signature.asc" (application/pgp-signature)]
-- 
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org


[prev in list] [next in list] [prev in thread] [next in thread]