In association with heise online

21 November 2011, 15:54

Journal: end of the line for syslog?


Lennart Poettering and Kay Sievers have developed a new Linux logging system with the aim of replacing syslog. The two Red Hat developers hope that their Journal daemon will resolve a number of perceived problems with syslog, the current industry standard for logging on Unix systems.

The fact that syslog entries are arbitrary strings stored in a text file with no metadata makes it hard to automate the evaluation of syslog information or to perform simple tasks such as "Display the last ten messages from the Foo service". Poettering and Sievers also see syslog as lacking security features: processes are able to create entries under false pretences; the log can be retrospectively modified, allowing hackers to cover their tracks; and access control is all or nothing – a user can either read the entire log or nothing at all. Syslog is also unable to store binary data, which may occasionally be necessary.

The Journal daemon is intended to answer these, and other, criticisms. Logging information is stored in binary form as a list of key-value pairs. The Journal daemon adds metadata – such as the process ID and name of the sender, user and group IDs and other relevant system information – to each log entry. There is an overview of currently defined metadata fields. Developers can generate a universally unique identifier (UUID) for each type of logging entry. This facilitates classification and the process of searching for specific entries.
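An added illustration of the contrast described above (not code from the article or from the Journal project): a Python model of the "last ten messages from the Foo service" query, first over free-form syslog lines and then over key-value entries. The sample data and all field names, including the underscore-prefixed keys that stand in for daemon-added metadata, are constructed for this sketch.

```python
import re

# Constructed sample data; not taken from a real system.
SYSLOG_LINES = [
    "Nov 21 15:50:01 host foo[812]: started worker",
    "Nov 21 15:50:02 host bar[900]: cache warmed",
    "Nov 21 15:50:03 host foo[4242]: shutdown requested by admin",  # tag chosen by the sender
]

# The same three events as key-value entries. Keys starting with "_" model
# metadata stamped by the logging daemon (hypothetical names); the other keys
# are supplied by the sending process and carry no guarantee.
ENTRIES = [
    {"MESSAGE": "started worker", "TAG": "foo",
     "_PID": 812, "_UID": 990, "_SERVICE": "foo.service"},
    {"MESSAGE": "cache warmed", "TAG": "bar",
     "_PID": 900, "_UID": 991, "_SERVICE": "bar.service"},
    {"MESSAGE": "shutdown requested by admin", "TAG": "foo",
     "_PID": 4242, "_UID": 1000, "_SERVICE": "session-3.scope"},
]

SYSLOG_RE = re.compile(
    r"^\w{3} +\d+ [\d:]+ \S+ (?P<tag>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

def last_from_syslog(lines, tag, n=10):
    """Text-file approach: parse every line and trust the self-reported tag."""
    hits = []
    for line in lines:
        m = SYSLOG_RE.match(line)
        if m and m.group("tag") == tag:
            hits.append(m.group("msg"))
    return hits[-n:]

def last_from_entries(entries, service, n=10):
    """Structured approach: filter on the daemon-stamped field only."""
    return [e["MESSAGE"] for e in entries if e.get("_SERVICE") == service][-n:]

def mismatched_senders(entries, tag, service):
    """Entries that claim `tag` but whose daemon-stamped service differs."""
    return [e for e in entries
            if e.get("TAG") == tag and e.get("_SERVICE") != service]
```

In the text-only query the third line is indistinguishable from a genuine "foo" message, while the structured query excludes it and `mismatched_senders` surfaces it for review.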

The developers have integrated Journal with systemd, which controls booting and monitors running services. Their justification for doing so is that logging is a "core part of service management". According to Sievers and Poettering, the core functionality of the Journal daemon has been implemented and is available in the 'journal' branch of the systemd git repository. The Journal daemon can be addressed both through the standard logging interface, using printk() (kernel) and syslog(3) (userland), and through a native API. The two developers are planning to use the syslog replacement for a few select components in the forthcoming Fedora 17.

Lennart Poettering and Kay Sievers work for Red Hat and have made something of a name for themselves in recent years by introducing new ideas to replace established Unix concepts. Poettering is the author of sysvinit alternative systemd, intended to provide Linux with a modern booting system and a high performance service management system, which is finding its way into an increasing number of distributions. Other Poettering developments include the PulseAudio sound system and the /run directory for runtime data such as process IDs, socket information and lock files. Kay Sievers is one of the driving forces behind the idea of moving all programs to /usr/bin.

