Red Hat's Linux Changes Raise New Questions

timothy posted more than 2 years ago | from the source-is-open-start-your-own-distro dept.

Operating Systems 433

itwbennett writes "Last month two Red Hat developers proposed to replace the 30-year-old syslog system with a new Journal daemon. Initial reaction was mostly negative and 'focused on the Journal's use of a binary key-value form of data to log system events,' says blogger Brian Proffitt. But now, says Proffitt, it seems that the proposal to replace syslog has less to do with fixing syslog's problems than with Red Hat's desire to go its own way with Linux infrastructure."

433 comments

One of the advantages of Linux (5, Insightful)

Todd Knarr (15451) | more than 2 years ago | (#38229710)

That's one of the advantages of Linux: RedHat can go their own way without needing the rest of us to buy in, and without really messing things up for us. If they provide a reasonable API, it'll either be compatible with syslog with a simple library substitution or we'll quickly see a wrapper library that allows programs to use either syslog or Journal without needing code changes.

I think going to binary's a bad idea, myself. The fewer tools you need working to find out what the error is, the easier it is to debug and fix the problem. But let RedHat try this and see how it works, and then we can decide once we've got some real-world data to compare.

Re:One of the advantages of Linux (5, Interesting)

LordLimecat (1103839) | more than 2 years ago | (#38229758)

There are advantages to not having everything in ascii text, or else we would never see relational databases used for anything. You are right that we will see. I like plain text logs because I am still learning the ins and outs of the major Linux breeds, and not having to learn a special tool for every config file and log makes things easier; but I won't say that there couldn't be benefits to a more robust system.

Re:One of the advantages of Linux (5, Insightful)

MightyMartian (840721) | more than 2 years ago | (#38229952)

No matter your experience, plain-text logs make more sense, especially in *nix operating systems. You have a vast array of tools to search log files with; my favorites being tail and grep. The minute you go to binary logging your options shrink or you end up having to use additional tools to reconvert it to text (ie. the Windows event log).

Re:One of the advantages of Linux (3, Insightful)

LordLimecat (1103839) | more than 2 years ago | (#38230116)

As has been pointed out, there is no reason you couldn't use a new tool to get the output you want out of the database.

You cannot, for example, convince me that noone is able to script MySQL databases, despite their binary nature.

Re:One of the advantages of Linux (2)

heinousjay (683506) | more than 2 years ago | (#38230216)

If noone can't do it, no one can.

Re:One of the advantages of Linux (4, Insightful)

rsilvergun (571051) | more than 2 years ago | (#38230266)

Yeah, but you add a bunch of overhead to get back to text.

Re:One of the advantages of Linux (5, Insightful)

DiegoBravo (324012) | more than 2 years ago | (#38230448)

Many times with a (semi)broken operating system, you don't have all the usual tools.... sometimes your only clue is a syslog driven console text message.

Re:One of the advantages of Linux (5, Informative)

epiphani (254981) | more than 2 years ago | (#38230276)

Agreed. I submitted this post [gerhards.net] yesterday, by the lead developer for rsyslogd (the most common syslog daemon in linux these days). He makes the point that most of the complaints made are actually wrong if they'd bothered to look at the last 10 years of development and IETF work around syslog.

Re:One of the advantages of Linux (2, Insightful)

lucm (889690) | more than 2 years ago | (#38230298)

No matter your experience, plain-text logs make more sense, especially in *nix operating systems. You have a vast array of tools to search log files with; my favorites being tail and grep. The minute you go to binary logging your options shrink or you end up having to use additional tools to reconvert it to text (ie. the Windows event log).

The more a system becomes complex, the more one needs to see events as part of a whole and do some kind of analysis and correlation. This type of work is done more easily with databases. I like grep like everyone, but if I want to have a nice rollup of events based on time and source, I will get the info much more easily with a SQL query than with a regex piped into a reporting utility piped into a paging utility.

Also I think one has to adapt to a technology, not try to make it work like what was there before (unless he is a one-trick pony). Why would you want to "reconvert" the Windows event log to text? On Windows there are a lot of built-in capabilities for log exploring in PowerShell or even in VBS/WMI. A toolbox contains many tools, not just grep.
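The time-and-source rollup described in the comment above, as an added example that is not part of any poster's comment: classic syslog text is parsed into an in-memory SQLite table and then summarised with SQL. The sample log lines, table layout and function names are all constructed for illustration.

```python
import re
import sqlite3

# Constructed sample input in the traditional BSD syslog text layout.
# Addresses come from the documentation ranges; the last line is deliberate garbage.
SAMPLE_LOG = """\
Dec  1 09:58:12 web01 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Dec  1 09:59:40 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 40113 ssh2
Dec  1 10:01:03 web01 sshd[2290]: Accepted publickey for deploy from 198.51.100.7 port 51514 ssh2
Dec  1 10:01:07 web01 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/sbin/service httpd restart
Dec  1 10:15:22 db01 kernel: Out of memory: Kill process 4121 (mysqld) score 912 or sacrifice child
Dec  1 10:15:23 db01 mysqld[4121]: InnoDB: Database was not shut down normally
Dec  1 10:47:55 web01 sshd[2402]: Failed password for root from 203.0.113.5 port 33870 ssh2
this line is corrupted and does not parse
"""

# "Mon dd hh:mm:ss host tag[pid]: message" -- the pid part is optional.
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) "
    r"(?P<hour>\d{2}):(?P<min>\d{2}):(?P<sec>\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)


def parse_line(line):
    """Return one table row for a syslog line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    pid = int(m["pid"]) if m["pid"] else None
    return (m["mon"], int(m["day"]), int(m["hour"]),
            m["host"], m["tag"], pid, m["msg"])


def build_db(text):
    """Load log text into an in-memory database.

    Returns (connection, rows_inserted, lines_rejected). Unparseable lines are
    counted rather than silently dropped, so damaged input stays visible.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (mon TEXT, day INTEGER, hour INTEGER, "
        "host TEXT, tag TEXT, pid INTEGER, msg TEXT)"
    )
    inserted = rejected = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        row = parse_line(line)
        if row is None:
            rejected += 1
            continue
        conn.execute("INSERT INTO events VALUES (?, ?, ?, ?, ?, ?, ?)", row)
        inserted += 1
    conn.commit()
    return conn, inserted, rejected


def rollup(conn):
    """Event counts per hour, host and program tag."""
    return conn.execute(
        "SELECT hour, host, tag, COUNT(*) FROM events "
        "GROUP BY hour, host, tag ORDER BY hour, host, tag"
    ).fetchall()


def failed_logins(conn):
    """Failed sshd password attempts per hour and host."""
    return conn.execute(
        "SELECT hour, host, COUNT(*) FROM events "
        "WHERE tag = 'sshd' AND msg LIKE 'Failed password%' "
        "GROUP BY hour, host ORDER BY hour, host"
    ).fetchall()


if __name__ == "__main__":
    db, ok, bad = build_db(SAMPLE_LOG)
    print(f"loaded {ok} events, rejected {bad} unparseable line(s)")
    for row in rollup(db):
        print("rollup:", row)
    for row in failed_logins(db):
        print("failed logins:", row)
```

Traditional syslog timestamps carry no year or time zone, so a real loader has to take both from context before events from several hosts can be correlated.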

Re:One of the advantages of Linux (4, Informative)

Crudely_Indecent (739699) | more than 2 years ago | (#38230350)

What I don't understand is why you can't achieve both log security and log usefulness with the existing tools.

In a previous job (seems like a different life) - I set up all of the servers to utilize remote syslog. The syslog server then offered the log directory as a read-only NFS export to each of the servers.

It was quick, it was easy, and it was secure. You could view the local logs on individual servers, but you couldn't alter them in any way except by generating log output.

Re:One of the advantages of Linux (2)

DrXym (126579) | more than 2 years ago | (#38230718)

No matter your experience, plain-text logs make more sense, especially in *nix operating systems. You have a vast array of tools to search log files with; my favorites being tail and grep. The minute you go to binary logging your options shrink or you end up having to use additional tools to reconvert it to text (ie. the Windows event log).

Except you already see binary log files on Unix. Log files are frequently compressed with gzip. I don't see a big difference between someone typing (for example) "zcat file.gz | grep somestring" and "redhat-log-cat | grep somestring" assuming that was the name of the tool they used to crap out a logfile from the binary db.

I'd also note that tools like git are happy to store things in binary objects yet still present stuff in textual format to the user.

Re:One of the advantages of Linux (2)

errandum (2014454) | more than 2 years ago | (#38229782)

Because if they go their own way the next time you're trying to compile something a bit more complex it won't screw everything. I like red hat based distros because they tend to stay more or less the same over the years, leading to easily configurable systems. The moment they deviate it'll be their death.

Re:One of the advantages of Linux (4, Insightful)

skids (119237) | more than 2 years ago | (#38229840)

That's one of the advantages of Linux: RedHat can go their own way without needing the rest of us to buy in, and without really messing things up for us.

Not quite true. If PHB insists on RHEL, you're stuck coping with whatever poor choices they make.

Why do I get the sense that all the chafing at the "restrictions" of the LSB/linux-instinct/unix-way/common-sense is just the bellyaching that happens when you realize you're short the talent/energy/whatever to progress and start looking for ways to re-arrange the deck chairs?

Re:One of the advantages of Linux (2)

GameboyRMH (1153867) | more than 2 years ago | (#38229944)

If PHB insists on RHEL, you're stuck coping with whatever poor choices they make.

And that's RHEL's bread and butter, corporate support & name recognition, always a requirement at businesses with a NEGFFBIBM attitude. Anyone who doesn't need it will just go with CentOS or some other distro. Those who do need it...well I guess when the troubles become too great they'll have to make a hard decision.

Re:One of the advantages of Linux (3, Interesting)

Anonymous Coward | more than 2 years ago | (#38230050)

WTF does NEGFFBIBM mean? Google fails me on this one :(

Re:One of the advantages of Linux (5, Informative)

Anonymous Coward | more than 2 years ago | (#38230150)

Nobody Ever Got Fired For Buying IBM

- GameboyRMH (bloody post limiter!)

Re:One of the advantages of Linux (0)

Anonymous Coward | more than 2 years ago | (#38230368)

You should have written it the first time instead of using a stupid acronym. idiot!

Re:One of the advantages of Linux (0)

Anonymous Coward | more than 2 years ago | (#38230156)

No one ever got fired for buying IBM.

My smart-ass response was going to be WTF does WTF stand for?

Re:One of the advantages of Linux (0)

randizzle3000 (1276900) | more than 2 years ago | (#38230396)

What the fu** does WTF mean? You used it twice!

Re:One of the advantages of Linux (1)

el_tedward (1612093) | more than 2 years ago | (#38230122)

North-East-Goat-Fried-Farmer-Baked-Interesting-Babble-Manti?

Re:One of the advantages of Linux (0)

Anonymous Coward | more than 2 years ago | (#38229958)

But this is exactly the situation benefits most. The only real issue is if the PHB demands Unbreakable Linux and now your syslog daemon is different than the one RHEL box you inherit from a merger.

That works both ways (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38230100)

You will also be stuck with all the good choices they make.

Reading what they are proposing it seems that is actually a very good idea. When you get out of hobbyist and small environments and into environments with more demanding requirements about security auditing the traditional syslog has not cut it for years anymore. The first step in many environments is usually to rip it mostly off and replace with some more or less proprietary environment.

The new ideas such as improving the reliability of log shipping, reducing possibilities towards tampering, and improving chances for more advanced log analysis are really awesome things - especially for people who are serious about their logging. Syslog and its text format are legacy poison and it will be good to see them die and vanish. Hopefully that happens fast.

Also, keep in mind that RedHat is still open sourcing that stuff. They will provide tools and APIs - as they require those also themselves.

Re:That works both ways (4, Insightful)

mlts (1038732) | more than 2 years ago | (#38230312)

Even though the syslog is in a binary format, it would be nice to have it also stored in text as well. For example, on some sensitive machines, I would have the syslog redirect to an IBM3151 serial terminal for real time monitoring. This way, I could immediately tell if a job started at its appropriate time, finished, or caused issues.

IMHO, the best way RedHat should implement this is similar to how AIX does logging. It has its own format for logs that are read using the errpt command. However, one can turn on plain old syslog logging and have that able to be stored in a file, forwarded to a log server, or shipped via a serial connection to a secure log drop that has no network access. It would be nice to have a signed, secure format for logs, but also nice to have plain text to watch in realtime and search from without requiring specialized commands.

Re:One of the advantages of Linux (5, Insightful)

LordLimecat (1103839) | more than 2 years ago | (#38230132)

Not quite true. If PHB insists on RHEL, you're stuck coping with whatever poor choices they make.

Package management: use it. I would be very surprised if RedHat prevented you from installing whatever logging facility you wanted on your server.

Re:One of the advantages of Linux (2)

esocid (946821) | more than 2 years ago | (#38229916)

Maybe entrenchment has some bearing on it. The article mentions the arguments for switching from syslog, and that you can do some of them already in syslog, but nobody does.

However, I agree with you. Let RH try it out. It's not like they can't revert if they find that it was a bad choice. If we wanted all distros to be the same, we'd run windows instead.

Re:One of the advantages of Linux (4, Insightful)

CAIMLAS (41445) | more than 2 years ago | (#38230004)

Looks like they're pulling the same shit Ubuntu pulled with upstart (init replacement). "Let's replace something simple and elegant with something complex, incomplete, and very difficult to fix when it goes wrong".

Sorry, but no thanks. I can see the need for something else, in a limited/special purpose role, but these assholes are aggregately destroying the very basis of what makes Linux a good, robust server choice:

* you can use traditional unix tools from ssh to manipulate and analyze the system
* there are literally thousands of tools for analyzing, manipulating, and storing syslog data
* init is purely linear, whereas upstart is threaded, increasing the possible ways in which it can fail as well as increasing the difficulty of troubleshooting
* KISS means broken things are more obvious.
* KISS means there's less that can go wrong.
* Most Windows guys don't even read the logs, from what I've seen. This could quite possibly be related to the complexity and lack of utility of Event Viewer itself, granted, but even Event Logs can be exported to syslog...

While we're at it, why don't we start using XML or sqlite as a replacement for /etc.

Re:One of the advantages of Linux (4, Informative)

Compaqt (1758360) | more than 2 years ago | (#38230160)

I agree in general with "if it's not broken, don't fix it". Witness /. opinion regarding Unity/Gnome changes.

About Upstart, my lowly sysadmin opinion is this: It seems different from the other stuff Ubuntu's been doing in that, AFAIK, it's not alone in this. I think Fedora's going that way too.

Also, with Upstart I know if the webserver crashes for some reason, it'll restart without intervention. Yeah, I know, you're not getting to the root of the problem, but it beats being stuck to a top display looking if something burned.

Re:One of the advantages of Linux (5, Interesting)

LordLimecat (1103839) | more than 2 years ago | (#38230190)

Looks like they're pulling the same shit Ubuntu pulled with upstart (init replacement). "Let's replace something simple and elegant with something complex, incomplete, and very difficult to fix when it goes wrong".

One could make that argument about solid-state electronics, the move away from punch-cards, the move from paper-based filing, the move to journaled filesystems, etc.

Sometimes progress means letting go of the past, and sometimes it takes a while to fully bake; that's why RedHat doing the QA, testing, and development for the rest of us is a good thing. If it sucks, it will die, and no one really has to acknowledge that it ever existed.

Re:One of the advantages of Linux (5, Insightful)

Hatta (162192) | more than 2 years ago | (#38230688)

If it sucks, it will die.

On what do you base this assumption? History is littered with sucky technologies that became standard because someone important was pushing it.

Re:One of the advantages of Linux (2)

pdxer (2520686) | more than 2 years ago | (#38230692)

If it sucks, it will die, and no one really has to acknowledge that it ever existed.

Yeah, that's what happened with Windows. It...oh wait...

Re:One of the advantages of Linux (0)

Anonymous Coward | more than 2 years ago | (#38230696)

# /etc/init.d/belt reload-onion

Re:One of the advantages of Linux (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38230120)

That's one of the advantages of Linux: RedHat can go their own way without needing the rest of us to buy in, and without really messing things up for us. If they provide a reasonable API, it'll either be compatible with syslog with a simple library substitution or we'll quickly see a wrapper library that allows programs to use either syslog or Journal without needing code changes.

I disagree. In fact, I'd call this a real disadvantage of the FOSS world (bazaar-style development in particular): change comes so slowly because no one else will commit to it. I think it's hard to really take advantage of changes if others just slap an abstraction layer on top of them and otherwise ignore them. I haven't studied this specific example in detail, but off the top of my head:

  • software written by people with that attitude won't take advantage of the key/value pair format because syslog doesn't have that
  • likewise nothing will switch from a proprietary format to the new common infrastructure
  • log analysis software probably won't do anything too interesting with the output files because god forbid someone be left behind

and so this won't be as useful as it would be otherwise.

To take another example I have paid a little more attention to, init was around for far too long, and yet I'm amazed init->upstart happened at all. Even when something is clearly superior, if it takes buy-in from people who want their software to work on the greatest possible range of systems, it's hard to make that happen. init->upstart probably worked because the startup is a relatively unobtrusive piece of the software, relatively easily replaced by distributors.

In contrast, proprietary or cathedral-style development of a whole system does much better at this. They have the sort of unity of purpose where they can agree that something is valuable and exploit it through the whole system. I've seen this at work. Maybe the best example is something that hasn't happened in the Linux world, though: a widely used high-level language. The GNOME people in particular won't commit to anything but plain C, with their painful object model on top of it.

Re:One of the advantages of Linux (4, Insightful)

Iphtashu Fitz (263795) | more than 2 years ago | (#38230166)

RedHat can go their own way without needing the rest of us to buy in

The only problem with your argument is that Red Hat has a huge base of paying customers, and money talks.

I manage a small research cluster at a university. It's running Red Hat linux on over 100 nodes. The university has a site license for Red Hat so licensing for the cluster isn't an issue. The decision to go with Red Hat had to do mainly with what distros are directly supported by commercial products like Matlab, Mathematica, Abaqus, Maple, Comsol, Ansys, etc. All these vendors sell lots of software & services to universities, research labs, etc. and they all support Red Hat linux.

I've personally dealt with support departments when trying to run commercial software on non-RH distros, and in some cases they pretty much tell you you're on your own if you're not using RH or one of the other top two or three distros. Most commercial vendors will only state that they support RedHat, SUSE, and maybe Ubuntu and/or Debian.

If/when Red Hat comes out with a new way of doing things then customers like us will start pushing on the vendors to support those new ways. After all, we're tied into using Red Hat, and we need their products to run on it. So the commercial software vendors will start supporting the Red Hat way of doing things to appease their customers. And once the commercial vendors start supporting it then it will slowly but surely make its way into other distributions as well so that these apps can run on distros that other people want to use.

Re:One of the advantages of Linux (2)

mlts (1038732) | more than 2 years ago | (#38230188)

I'd disagree. RedHat is only one of two Linux distros that is FIPS and Common Criteria certified. Of course, to people who work with Linux, this doesn't mean much. However when it comes audit time, the auditors either want to see certifications of the OS, or one better has to have a damn good reason (and not a technical one -- one that will appeal to a bean counter who is looking for any excuse to shut your operation down) why the OS isn't certified. Usually one has to explain in great detail why the OS in use is not Windows.

With this being the case, what RH does affects a lot of production items. Take RHEL 6 -- it now uses a new network startup daemon instead of the old network binary. One can switch to the old one, but that one is deprecated. Same with commands like ifconfig -- in RHEL6, one uses "ip addr" instead.

Re:One of the advantages of Linux (0)

Anonymous Coward | more than 2 years ago | (#38230616)

problem is not only on log writing, but also on log collection and searching. Their tool will not be compatible with standard syslog daemon for collecting on a central log server.

Re:One of the advantages of Linux (0)

Anonymous Coward | more than 2 years ago | (#38230646)

I've been down this road before with IBM's OS/2. Every system had its own proprietary binary log format and its own proprietary log utilities. It was a real pain in the you-know where. Squared if you needed to correlate events from 2 or more products.

What next, binary formats for config files a la the Windows-OS/2 registry?

First post (1, Offtopic)

turbidostato (878842) | more than 2 years ago | (#38229718)

WTF!? First post and the linked article is already slashdotted?

Re:First post (1)

errandum (2014454) | more than 2 years ago | (#38229816)

I would mod you up as funny if I hadn't already replied in this conversation :P

Re:First post (4, Funny)

pscottdv (676889) | more than 2 years ago | (#38229838)

It's almost like there are people reading the article before they post! That way lies madness!!

Re:First post (2, Informative)

LordLimecat (1103839) | more than 2 years ago | (#38230200)

Mod parent troll, Slashdot doesn't have articles, only comment threads. At least _I'VE_ never seen any articles.

Avoid binary please!! (4, Insightful)

Anonymous Coward | more than 2 years ago | (#38229722)

When everything else is failing ... you still need to be able to dig into the syslogs reliably no matter what! One little hiccup and you can easily lose everything in most binary type implementations, while at worst you see a little garbage in the syslogs!

Re:Avoid binary please!! (2)

errandum (2014454) | more than 2 years ago | (#38229896)

The problem is, they can be easily cleaned. I see where they are coming from with this, to be honest.

Instead of going binary they could just use a database system, with queries and whatnot. Each new application would bring a new table.

This would deal with two things: With proper access configuration it'd be safe from tampering, and it'd be easy to dig through. The amount of garbage that ends up in the logs is mind numbing. (yeah yeah, I know grep works and I still think this would be a better solution)

Re:Avoid binary please!! (5, Insightful)

GameboyRMH (1153867) | more than 2 years ago | (#38229986)

Or just use a network log server, which is both better from a security standpoint and lets you keep your plaintext logs.

Re:Avoid binary please!! (1)

errandum (2014454) | more than 2 years ago | (#38230168)

That's a viable option, like many others, but I still think that a very big and very long text log is something that could be optimized by a database.

Re:Avoid binary please!! (2)

qbast (1265706) | more than 2 years ago | (#38230204)

And this has been long solved - both rsyslog and syslog-ng can log to database.

Re:Avoid binary please!! (4, Informative)

RedHat Rocky (94208) | more than 2 years ago | (#38230492)

syslog is one of those things that needs to work when things break, so one can figure out what to fix.

Making it more complicated with more things to go wrong goes against this purpose.

Example:
Hmm, database server is acting weird, wonder what's wrong? I'll check syslog. Hmm, syslog is toast. Ah.....

Re:Avoid binary please!! (1)

Jonner (189691) | more than 2 years ago | (#38230790)

Whether you "lose everything" is not necessarily function of whether a format is textual or not. There are plenty of robust binary formats such as file systems and MPEG streams. However, being able to read logs from a different system is essential, so the lack of commitment to a set format is troubling.

Just more things to break ... (3, Interesting)

tomhudson (43916) | more than 2 years ago | (#38229724)

Keep on fragmenting each distro ... at a certain point, people will just get tired of distro-hopping and dump the whole mess.

And people ask when the Year of the Linux Desktop will be. It's things like this, and the constant breakage because of change for the sake of change or to "be different", rather than focusing on stability, that drive people to non-free vendors.

Re:Just more things to break ... (2)

Synerg1y (2169962) | more than 2 years ago | (#38229754)

Not to mention everybody who is running Red Hat in production, who will probably be forced to accept the new features if they like security updates.

Re:Just more things to break ... (1)

imemyself (757318) | more than 2 years ago | (#38229792)

Have you ever used RHEL / CentOS? I highly doubt they will push out a completely different logging system as a normal update in an existing version.

Re:Just more things to break ... (0)

Synerg1y (2169962) | more than 2 years ago | (#38229854)

But eventually you need to upgrade the kernel to continue receiving updates, even if that's 2 years from now. The larger the environment, the harder this is of course. And when you upgrade the kernel, I doubt you can opt out of the new "features".

Re:Just more things to break ... (1)

0racle (667029) | more than 2 years ago | (#38229950)

So the answer is you haven't used RHEL.

Re:Just more things to break ... (1)

garyebickford (222422) | more than 2 years ago | (#38230138)

In my case, I stopped using RHEL when it got to be too much of a PITA, and one too many changes that broke stuff that I was using. It's been a while now so I don't recall the details. IMHO a good OS maintains security and otherwise mostly stays the hell out of the way.

Re:Just more things to break ... (1)

imemyself (757318) | more than 2 years ago | (#38229968)

My point is that RH isn't going to make that kind of change in an existing version of RHEL.

Now upgrading from 5 -> 6, or 6 -> 7 whenever that's released. Yeah...stuff's going to change. Maybe they'll put this in RHEL 7. But I don't think this significant of a change would be pushed down as a normal update within v5 / v6 even in a 6.x or 5.x update.

Re:Just more things to break ... (4, Insightful)

LordLimecat (1103839) | more than 2 years ago | (#38229794)

Keep on fragmenting each distro

The whole point of a distro is that it is DIFFERENT from the others around it, not that it is similar. They all have their strengths and weaknesses, and the various things they try can be pulled into other projects.

For instance, Canonical has been talking about rolling Wayland in as a replacement for X in Ubuntu. It might be a phenomenal failure, or it might be incredibly successful. If it works well, I'm sure RedHat, CentOS, Debian, etc will all pull it in as well, and some bit of progress will have been made. If it sucks and dies, well, that too is progress.

Re:Just more things to break ... (0)

Anonymous Coward | more than 2 years ago | (#38230576)

It's one thing to be different... It's another to waylay to some of the core beliefs surrounding linux, and foss in general. Then again, they're a mainline dist, and can do whatever the hell they want.

However, moving to a binary with their scenario seems highly radical to me, especially from an entity that has been as successful as Redhat has. This smells awfully like change for change's sake, and possibly marketing, rather than a calculated move with merit and a solid programming argument to back it up.

Re:Just more things to break ... (2)

guruevi (827432) | more than 2 years ago | (#38229994)

You can also simply substitute your own binaries on the same platform. It's not because RH gives Syslog by default that you can't install Journal and vice versa. You can have them even running concurrently (where necessary). Most people and even sysadmins don't care what is running the logs as long as it's readable unless they're running a dedicated syslog server where any such changes will be monitored.

The standard daemon for mail used to be Sendmail later Postfix. Yet people still run either out of necessity or preference QMail, Sendmail and I use personally a very simple forwarding daemon that sends it to my GMail account.

THAT is the beauty of Open Source (and by extension GNU/Linux). If Windows slips in a new logger (or task bar, security center, .NET framework etc.) you can't replace it, in Linux you can take your bog-standard distro (Ubuntu, Red Hat) and replace piece by piece very simply.

Re:Just more things to break ... (1)

garyebickford (222422) | more than 2 years ago | (#38230300)

I dumped RHEL and started using Ubuntu because it was easier to set up a simple desktop and also run various server apps for development, while RHEL seemed to be trying to take over more and more of the system with its own flavors. Now Ubuntu seems to have decided to go the same way. I'm still running 10.04 and trying to decide what to do.

Each of these companies, IMHO, seems to think that what they are doing is Important, Useful and even Visionary. I think it's more about justifying their own existence and expanding their brand. But (to stretch an analogy way too far), "He governs best who governs least". As these companies try to build their own little fortresses, they must inevitably give up more of the countryside, where trees and flowers and deer and bears can get by all by themselves, thank you very much.

I just want to run a reasonably secure, flexible operating system, and run a good 3D-oriented GUI (I'm a visual kind of guy). WRT this particular 'innovation', I regularly depend on 'tail -f' to watch log files on multiple remote systems (that happen to be running FreeBSD), sometimes filtering through several other programs to narrow down and transform the output. I fail to see what is wrong with the present system, and I don't see the point. I do confess I haven't done the research to really answer myself, but there are many aspects of 'the true *nix' that are that way for good reasons - call it the zen of OS. Sometimes the simplest is best.

If they want to do this, then it should be on the back end of the syslog output - tail the syslog into their fancy-schmancy binary system. This avoids disrupting all sorts of system tools, while providing everything that RHEL wants to accomplish.

Re:Just more things to break ... (2)

GameboyRMH (1153867) | more than 2 years ago | (#38230006)

Hey before Ubuntu went off the deep end it really seemed like the Year of the Linux Desktop was this close!

Re:Just more things to break ... (2)

RedHat Rocky (94208) | more than 2 years ago | (#38230386)

Pfffpt. It's either bitch because things change or bitch because things DON'T change fast enough.

There will always be someone who is unhappy, change or not.

Linux will continue to succeed BECAUSE there are choices.

Re:Just more things to break ... (1)

future assassin (639396) | more than 2 years ago | (#38230446)

>And people ask when the Year of the Linux Desktop will be.
For me that was 4 years ago when OpenSuse just worked out of the box and then it got replaced by Mint.

Re:Just more things to break ... (2)

mlts (1038732) | more than 2 years ago | (#38230480)

Believe it or not, this is one selling point for AIX. IBM touts that if it runs in an earlier version of AIX, it almost certainly will run on AIX 7. In fact, IBM actually has a binary compatibility guarantee that anything running on AIX 5.x or 6.x will run on the latest version.

Of course, change is important, because an OS that ends up stagnant will eventually fall to the wayside, but in a production environment, people want to have to change as little as possible during an upgrade cycle.

Re:Just more things to break ... (1)

devent (1627873) | more than 2 years ago | (#38230640)

What does desktop Linux have to do with syslogs?
You do know what we are talking about? About enterprise systems and the logs, like the apache log, daemon log, kernel log, etc.
We are not talking about anything that has to do with the desktop.
I've been using the Linux desktop for 3 years now and, besides a dmesg, I never looked in the syslogs. And I couldn't care less if dmesg is a database or plain text.

Error prevention? (3, Insightful)

esocid (946821) | more than 2 years ago | (#38229738)

Not that it bothers me, but in forums people are quick to point out that they think Fedora's choice of kernel numbering is stupid. I mention I'm on 2.6.41.1-1.fc15.x86_64, and the first response is, "that kernel doesn't exist." (And yes, Fedora will move to the standard numbering scheme with 17 if I'm not mistaken)
I've found most of RH's decisions to do something their way is to prevent problems down the road. Same for kernel numbering, it was supposedly to prevent repo errors. I don't know for certain, but I'd expect this to also be the case here.

Re:Error prevention? (0)

Anonymous Coward | more than 2 years ago | (#38229926)

You are mistaken. Fedora 16 uses the usual kernel version numbers. In 15 this wasn't possible due to the risk of breaking things when switching to a totally new kernel versioning scheme. It wasn't Red Hat's decision but a decision made by the Fedora maintainers.

Re:Error prevention? (3, Insightful)

broken_chaos (1188549) | more than 2 years ago | (#38230066)

I can understand the kernel numbering issue -- the 3.0+ kernels are functionally unchanged from the late 2.6 series, but the version number change did break some userspace tools/scripts that (in a poor, but understandable, decision) relied upon the kernel version, often as being in the 2.6 series. Of course, this was a holdover from the old huge swap from 2.4 to 2.6, where almost everything changed.

With Linus suddenly deciding, "Hey, this version is now 3.0, even though there are no compatibility-breaking changes from the last 2.6 kernel.", some of those userspace tools/scripts broke in unexpected ways with version checks, but didn't actually break in effect. So re-numbering the kernel to stave off needing to immediately fix them without much warning was a fairly reasonable thing to do, for the short term.

Overall, I agree with the decision to move to the 3.0 version numbering, though a bit more warning may have helped. Considering just how much the kernel development cycle changed from the 2.4/2.6 transition (namely in there never being a 'full' development branch), making a very clear, albeit arbitrarily timed, version number swap seems sensible to me.

Re:Error prevention? (2)

LordLimecat (1103839) | more than 2 years ago | (#38230258)

> Overall, I agree with the decision to move to the 3.0 version numbering, though a bit more warning may have helped.

"A bit more warning" is why we're still on IPv4 (though I'm grossly over-simplifying).

Re:Error prevention? (2)

parf (2444578) | more than 2 years ago | (#38230268)

they fixed user tools in fc16
$ rpm -qa | grep kernel
kernel-3.1.2-1.fc16.x86_64

Who Cares?? (0)

Anonymous Coward | more than 2 years ago | (#38229766)

Isn't this the point of Linux?

Whining by some guy with a log analyzer (4, Insightful)

Animats (122034) | more than 2 years ago | (#38229806)

This is just whining by some guy who wrote a log analyzer that will no longer be necessary.

QNX has had a simple structured log daemon [qnx.com] for years. Reading their log never tails off into junk; you always get a clean, current last record. Their solution even works on diskless systems. In many real-time applications, logs are transmitted to some remote location, rather than being kept on each local machine.

Re:Whining by some guy with a log analyzer (2)

errandum (2014454) | more than 2 years ago | (#38230090)

Excuse me, it's true their logging facility might be good, but I was under the impression that the junk you see are the junk applications send, so I have no clue how QNX deals with that.

And sending them to a remote location is possible in linux already.

Never tried to use linux in a diskless system though, so I have no idea how syslog would react.

Re:Whining by some guy with a log analyzer (2)

CAIMLAS (41445) | more than 2 years ago | (#38230272)

I don't see you describing anything which isn't possible (and common) with the syslog format. Most environments have remote syslog servers, you can filter events by event type, etc. and you can get a "clean, current last record" in a number of ways quite trivially (tac or last -f, pick your poison).

Changing from syslog format will cause all sorts of problems. There are literally thousands of syslog analyzers in use, custom scripts, and people who use common utilities (such as the above, plus grep/sed/awk/etc.) to monitor and manipulate the files into something else. I personally use half a dozen different tools for this, such as Fail2Ban and loganalyzer. Many of these ship on the default install on systems because they're useful (targeting specific functionality on top of the very specific and minimal functional role of syslog).

like linux needs more fragmentation (-1)

Anonymous Coward | more than 2 years ago | (#38229824)

this is why linux is hardly ever considered as a serious OS for users. keeping up with linux forks, packages, vulns, the decentralized updating is fucking great, sign me up.

people would rather pay a couple hundred dollars for windows or the premium involved with buying a mac than use linux for free. what does that tell you? (oh wait this is slashdot, so I'll hear lots of conspiracy and anti-microsoft rhetoric in response.)

circle-jerk go!

Re:like linux needs more fragmentation (1)

jedidiah (1196) | more than 2 years ago | (#38229978)

> people would rather pay a couple hundred dollars for windows or the premium involved with buying a mac than use linux for free. what does that tell you?

What does it tell me? You are a liar.

Very few people in fact pay for the premium for a Mac.

On the other hand, most people use Windows because "most people use Windows". It has been that way since Macs were an MC68k based platform. This leads to little things like software not being available for Macs or AIO printer devices not working on Macs.

How any of them handle any particular technical detail is largely irrelevant.

Besides, we're talking about an enterprise server vendor here. RHEL is not some MacOS wannabe.

Re:like linux needs more fragmentation (1)

gmhowell (26755) | more than 2 years ago | (#38230080)

> people would rather pay a couple hundred dollars for windows or the premium involved with buying a mac than use linux for free. what does that tell you?

What does it tell me? You are a liar.

Very few people in fact pay for the premium for a Mac.

OMG, you finally admit that the Mac 'premium' is illusory. No, that can't be it. It would make too much sense.

Re:like linux needs more fragmentation (0)

Anonymous Coward | more than 2 years ago | (#38230240)

> OMG, you finally admit that the Mac 'premium' is illusory. No, that can't be it. It would make too much sense.

Show me an Apple product where I can trivially change the video card, CPU and add a second drive. There is only one, and that's the massively expensive mac pro. There is no mac pro for $500, there isn't one for $1000, nor is there one for $1500, not even for $2000. 99% of people buying PCs aren't spending two grand, let alone $2500 for the lowest mac pro. iMacs are not upgradable, even swapping the single hard drive means a three hour job of dismantling the entire machine to get the screen off before you can access the drive. Never had a drive go bad, or need to install a bigger one?

Yup, Mac premium is very real because Apple make a ton of cash from fashion items and dweebs thinking they're l337 buying the gear with the most obsolescence built in.

Re:like linux needs more fragmentation (0)

Anonymous Coward | more than 2 years ago | (#38230286)

> OMG, you finally admit that the Mac 'premium' is illusory. No, that can't be it. It would make too much sense.

No, he said that very few people pay for the premium.

Considering that Mac marketshare is around 5% of home computers and 3.5% of business desktops last quarter, I think that counts as "very few"

Re:like linux needs more fragmentation (1)

Zerth (26112) | more than 2 years ago | (#38230334)

blockquote fail

Re:like linux needs more fragmentation (0)

LordLimecat (1103839) | more than 2 years ago | (#38230358)

It is a minor source of amusement to me to periodically price out a MacBook, and then find an equivalent model on NewEgg, to find out just how many spare, identical laptops I could purchase for the same cost of the MacBook.

Last time I checked, I believe it was 3 -- that is, every year for 3 years, I could toss out my smudged, scratched PC laptop and start up on a new one, and it would still make more financial sense than getting the Mac.

Just in case you don't believe me,
http://imgur.com/kvUkV [imgur.com]
What's that, the comparison isn't fair? The PC has better specs than the Mac, and is half the price? Yeah, well, that's what you get when you get a Mac, no one said the comparison was fair.

Re:like linux needs more fragmentation (0)

Anonymous Coward | more than 2 years ago | (#38230288)

You sir, are an idiot and a shill.

Another reason people don't use linux: when they need help, they have to deal with assholes like you.

Re:like linux needs more fragmentation (1)

LordLimecat (1103839) | more than 2 years ago | (#38230314)

It tells you that people want a Mac, it says nothing about the technical merits of the system; you're simply assuming that their reasons for choosing Mac OSX are technical in nature, or that they have heard of Linux, or understand the difference between a GUI and an OS.

They may be Red Hat employees/developers (0)

Anonymous Coward | more than 2 years ago | (#38229892)

But what they're doing is going into Fedora, which is a much larger community than, and more than just, Red Hat.

And just because it's in Fedora does not guarantee that it'll end up in RHEL.

I'm not convinced that there's anything wrong with syslog any more than I was convinced there was anything wrong with the SysV init, but the thing about F/OSS is that to get your chops you have to own something that's important. At one end of the spectrum you've got people who own a little perl module or two, and at the other end you've got the big cheese himself, and everyone in between.

I'm not sure that what these developers aren't doing is trying to establish some high ground for themselves. Squeaky wheels get the grease and all that.

Is he not aware? (3, Insightful)

C_Kode (102755) | more than 2 years ago | (#38229902)

Is he not aware how terrible syslog is? syslog is ancient and has several serious flaws from security to just stupid limitations. It should have been replaced ages ago.

Re:Is he not aware? (4, Informative)

Nos. (179609) | more than 2 years ago | (#38230062)

syslog the application or syslog the protocol? syslog the application? Yes, it's past due, and things like rsyslog are much better.

syslog the protocol is fine.

The problem with this proposed replacement is that it does not fix anything. The only advantage it gives is to be able to tell if the logs were altered. That's it. You're far better off with a secondary/centralized logging system. Store your logs in text, compressed, encrypted, in a database, it doesn't matter. Just get them to a different location and then not only can you tell that the originals were altered, you can tell what was removed. All while using existing tools.
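The comparison described in the comment above (keep a second copy of the logs elsewhere, then see what was altered or removed), as an added example that is not part of the original thread. The sample log lines, the host name and the function names are constructed for illustration, and it assumes both copies cover the same time window.

```python
import difflib

# Constructed sample data (documentation IP ranges, made-up host "web1").
# CENTRAL: what the remote log host received as the events happened.
CENTRAL = [
    "Dec  1 10:00:01 web1 sshd[411]: Accepted publickey for deploy from 192.0.2.10 port 50122",
    "Dec  1 10:02:17 web1 sshd[427]: Failed password for root from 203.0.113.7 port 40111",
    "Dec  1 10:02:21 web1 sshd[427]: Accepted password for root from 203.0.113.7 port 40111",
    "Dec  1 10:03:02 web1 sudo: root : TTY=pts/1 ; COMMAND=/usr/bin/vi /etc/passwd",
    "Dec  1 10:05:00 web1 CRON[502]: (root) CMD (run-parts /etc/cron.hourly)",
]
# LOCAL: the same time window as the file on web1 reads now.
LOCAL = [
    CENTRAL[0],
    CENTRAL[1],
    "Dec  1 10:03:02 web1 sudo: deploy : TTY=pts/1 ; COMMAND=/usr/bin/vi /etc/motd",
    CENTRAL[4],
]


def _similarity(a, b):
    """Character-level similarity of two log lines, 0.0 to 1.0."""
    return difflib.SequenceMatcher(None, a, b, autojunk=False).ratio()


def _pair_block(central_block, local_block, threshold):
    """Split one differing region into removed / altered / injected lines."""
    altered, injected, used = [], [], set()
    for line in local_block:
        # Find the not-yet-paired central line that this local line most resembles.
        scored = [(_similarity(c, line), i)
                  for i, c in enumerate(central_block) if i not in used]
        score, idx = max(scored, default=(0.0, None))
        if idx is not None and score >= threshold:
            used.add(idx)
            altered.append((central_block[idx], line))
        else:
            injected.append(line)  # exists only on the host
    removed = [c for i, c in enumerate(central_block) if i not in used]
    return removed, altered, injected


def audit(central, local, threshold=0.6):
    """Compare the central copy (treated as the reference) with the host's log."""
    report = {"removed": [], "altered": [], "injected": []}
    matcher = difflib.SequenceMatcher(None, central, local, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        removed, altered, injected = _pair_block(
            central[i1:i2], local[j1:j2], threshold)
        report["removed"] += removed
        report["altered"] += altered
        report["injected"] += injected
    return report


if __name__ == "__main__":
    for kind, items in audit(CENTRAL, LOCAL).items():
        for item in items:
            print(kind, item)
```
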

Re:Is he not aware? (1)

jedidiah (1196) | more than 2 years ago | (#38230078)

Yes. Yes, we get it.

[Hetfield] "New stuff good, Old stuff Bad" [/Hetfield].

Re:Is he not aware? (0)

jellomizer (103300) | more than 2 years ago | (#38230182)

He may be aware of it. But I think he is like a lot of other Unix/Linux people, who have some degree of autism. Where they have a hard time dealing with change.

I can't read the article (0)

Anonymous Coward | more than 2 years ago | (#38229980)

I can't read the article with all of the annoying scrolling on the right panel. No, I won't resize my browser just for that.

Hasn't this somewhat happened (1)

Murdoch5 (1563847) | more than 2 years ago | (#38230060)

Didn't Ubuntu already change the original implementation of syslog as specified in the RFC? Can anyone name me a current popular and widespread distribution which uses the original syslog? All Red Hat is doing is upgrading a dead standard to something modern.

RedHat Considered Harmful (0)

rjmx (233228) | more than 2 years ago | (#38230082)

I think the world would be better off if RedHat went off and annoyed some other planet. First dbus, and now this. Why in the name of all that's holy are they making simple things complicated?

Re:RedHat Considered Harmful (1)

Scutter (18425) | more than 2 years ago | (#38230154)

> I think the world would be better off if RedHat went off and annoyed some other planet. First dbus, and now this. Why in the name of all that's holy are they making simple things complicated?

It really sucks that RedHat is forcing this change down your throat. If only there were other options. Alas.

Re:RedHat Considered Harmful (2)

rjmx (233228) | more than 2 years ago | (#38230810)

Uh-huh. Have you always specialised in cheap shots, or is this a new development?

You're ignoring the size of the redhat customer base and its extensive use in enterprise systems (my own included). If this crap catches on, it's likely to spread to the other distributions; it's best to stop this exercise in change-for-change's-sake before it catches on.

To explain the point about dbus: originally, as a desktop IPC bus, it probably wasn't such a bad idea. It seems, however, to have spread beyond that point: it starts early in the boot process, and seems to be used by more and more processes every time I look. This might not be so bad if it was well-designed, but it's not: chief among my objections to it is the requirement for a reboot every time the thing gets upgraded (or, presumably, crashes). This is one of the things we all bashed Windows over for years and years -- and now that Microsoft seems to be improving in that respect, Linux starts to require it. This is progress????

Are Linux Fans Really About Innovation? (2, Insightful)

assertation (1255714) | more than 2 years ago | (#38230152)

It seems like every time a distro tries to innovate they get a lot of screaming from the linux community.

There is this change, the screaming about Ubuntu going with Unity, screaming with every change GNOME makes.

Is the FOSS really about innovation or just mouthing the words?

My name is (0)

Anonymous Coward | more than 2 years ago | (#38230192)

Dear Proffitt,

My name is Inncommee. You should remove those extra f and t letters in your name.

Good (1, Insightful)

magamiako1 (1026318) | more than 2 years ago | (#38230210)

It's a good move. Parsing syslog sucks. And I don't care how awesome you think you are as a developer--you need to use the system logging facilities to make it easier on those of us who administer systems.

At the very least a unified format similar to Microsoft's format would be nice.

ID / DATE-Time / Severity / BLOB OF TEXT

Re:Good (3, Informative)

jandrese (485) | more than 2 years ago | (#38230786)

That is probably the only time I've ever heard Microsoft's system logging compared favorably with anything. In my many years of administering systems, I have yet to ever get a useful piece of information out of any of those logs. It's like there's a requirement somewhere that only useless messages are allowed to be logged, and anything that might help an administrator (like an error message when something crashes for instance!) must never appear. Even if the error is something stupid like a permissions issue, you don't get a Linux-like "Permission denied on c:/blah/blah/blah", at most you'll get an "An error occurred" or other worthless message.

Control (2)

mpol (719243) | more than 2 years ago | (#38230222)

I'm not sure, but I get the feeling that different groups in the opensource community are struggling to get control of their platform. Gnome peeps are doing their own thing, Ubuntu heads off in another direction. Red Hat does their own things.
The last 8 years were somewhat mixed in this regard. There was cooperation, like on freedesktop.org, but also fragmentation and diversification. Now it all seems to fall apart somewhat. I don't see the different groups come together.

I'm really not fond of some things that are happening, like Systemd and all the other incompatible SysVinit systems. Also the mess that are the main desktops now. Then this new syslog proposal. I doubt other distros will take this, I expect they will stick with syslog or syslog-ng.

For myself I think I'm going with Debian (testing that is) soon. Once old-school just meant old stuff, but nowadays it almost sounds like the best thing there is. All the new software with less bugs, but not the crummy new inventions which you'd rather let pass by.

Double standards (1)

Anonymous Coward | more than 2 years ago | (#38230238)

Just so we get your story straight, Mr. Blogger - when media darling Ubuntu trashes 30 years of platform compatibility and portability by moving away from X11, technology pundits like yourself praise them for being forward-looking and innovative. When Red Hat proposes a better mechanism for system logging that is less susceptible to spoofing log entries, for example, you crucify them on your blog for demonstrating the same qualities?

Hypocrites. At least be consistent, if not objective.

Solution does not stop hackers from modifying logs (0)

Anonymous Coward | more than 2 years ago | (#38230324)

Redhat's solution does not prevent tampering of the log files at all.

The server has got to have a certificate and a key to log entries in the log according to the Redhat solution. Yes, you can only read the log using a key that is NOT stored on the server, however, the hacker DOES have access to
1) modify system time at will
2) edit the syslog configuration of how to log entries
3) Can delete the current logs
4) Can generate new logs using the key and the certificate located on the server to make it appear as if everything is fine...

What an encrypted log DOES help with is preventing the hacker from gaining additional knowledge from the already existing logs.

Ever had the experience of typing too quick and ending up typing your password in the Login field? Since usernames are being logged, any user who can read the log can now read your password... Unless the logs are encrypted and you need a key not on the server that is...

Syslog is old (1)

mmontuori (2508452) | more than 2 years ago | (#38230388)

The basic syslog daemon is very old, change is good sometimes... personally I am not familiar with The Journal tool, however, it sounds very interesting. I am just curious about certificate management and CPU usage to achieve the encryption. Virtualized environments will suffer in high demand logging applications...