Make systemd journal persistent | remove rsyslog (by default)

Jamie Strandboge jamie at canonical.com
Thu Jan 12 16:20:13 UTC 2017 

On Thu, 2017-01-12 at 10:50 -0500, Bryan Quigley wrote:
> We could explicitly keep rsyslog supported in main for at least 18.04
> for the for those who need it (or indefinitely if we find it's still
> needed for remote enterprise logging).   I was thinking that we might
> have to keep it in main until 18.04 anyway for upgrades.
> 
I think this would be a hard requirement if it was decided on the switch.

Another thing that came to mind is 'logcheck' (in main) for log auditing and I
don't think it understands systemd-journald log format. logcheck is not
installed by default of course, but it is another package useful in enterprise
environments. If the standard logs are removed, then installing logcheck won't
work by default and additional steps need to be performed to install rsyslog
(and make sure systemd-journald forwards to it).

There are two things here:
1. make systemd journal persistent
2. avoid duplicate logs from rsyslog

Why not just do '1' and let rsyslog remain? The standard logs are rotated so
this shouldn't be overly burdensome. Have you measured how much the duplicate
logs would take on a typical system?

> Kind regards,
> Bryan
> 
> 
> On Wed, Jan 11, 2017 at 5:32 PM, Jamie Strandboge <jamie at canonical.com> wrote:
> > 
> > On Wed, 2017-01-11 at 08:29 +0100, Martin Pitt wrote:
> > > 
> > > Jamie Strandboge [2017-01-10 16:27 -0600]:
> > > > 
> > > > 
> > > > Remote logging. Rsyslog is far superior in this regard. Granted, remote
> > > > logging
> > > > is not enabled by default but it is a requirement in many environments.
> > > The systemd-journal-remote package does provide the necessary tools and is
> > > reasonably flexible (push or pull, builtin https or using arbitrary ports
> > > which
> > > you e. g.  could forward through ssh). It might not be as flexible as
> > > rsyslog,
> > > but as one needs to set up remote logging manually anyway, you always have
> > > the
> > > possibility of picking rsyslog, journal, or even something else.
> > > 
> > Yes, but the 'logged to' system needs to be running systemd[1]. rsyslog
> > speaks
> > the standard syslog protocol on 514/udp, but systemd-journal does not.
> > 
> > [1]https://www.freedesktop.org/software/systemd/man/systemd-journal-remote.h
> > tml
> > 
> > --
> > Jamie Strandboge             | http://www.canonical.com
> > 
> > 
> > --
> > ubuntu-devel mailing list
> > ubuntu-devel at lists.ubuntu.com
> > Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo
> > /ubuntu-devel
> > 
-- 
Jamie Strandboge             | http://www.canonical.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20170112/a36166fb/attachment.pgp>

More information about the ubuntu-devel mailing list