It's journald that concerns me the most. journald replaces (r)syslog
entirely. It does not provide syslog format log files nor even text-based
log files. Instead, as I understand it, journald uses only a binary log
format. This means that the text-format-based OSSEC rules will no longer
work on a pure journald system. OSSEC would have to talk directly to
journald (through D-BUS?) and its rules would have to be re-written for the
new binary format. That sounds like a significant undertaking which is why
I raised this question. journald is a wholesale replacement of the current
syslog-based logging system with an entirely different paradigm.

I think syslog can still be installed and connected to journald as a 
work-around but I'm not certain.

--Aaron



On Tuesday, June 3, 2014 9:16:19 AM UTC-4, Darin Perusich wrote:
>
> The ossec package I maintain for OpenSUSE has full systemd support and 
> it works without issue, it is after all a "drop in" replacement for 
> sysvinit and maintains full backwards compatibility.
>
> https://build.opensuse.org/package/show/server:monitoring/ossec-hids 
> -- 
> Later, 
> Darin 
>
>
> On Tue, Jun 3, 2014 at 8:10 AM, Jeremy Rossi <[email protected]> wrote:
> > * dan (ddp) <[email protected]> [2014-06-03 08:01:37 -0400]:
> >
> >
> >> On Tue, Jun 3, 2014 at 7:38 AM, Aaron Hunter <[email protected]> wrote:
> >>> 
> >>> I wanted to know if the introduction of systemd and journald causes any
> >>> problems for OSSEC. I am preparing to test RHEL 7.0 and was hoping to
> >>> hear from others about any issues they may have encountered.
> >>> 
> >> 
> >> As long as the system still writes logs in the "standard" syslog 
> >> formats, there shouldn't be any issues*. 
> > 
> > 
> > Reading the RHEL beta docs things will be fine for the most part ;) some
> > tuning will be needed like everything that changes, but overall and for
> > most things it will just work.
> > OSSEC does not talk directly to systemd or its children processes, but
> > if someone would like to add it we always welcome patches/pull requests.
> > -- 
> > 
> > --- You received this message because you are subscribed to the Google 
> > Groups "ossec-list" group. 
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > For more options, visit https://groups.google.com/d/optout. 
>
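
The concern in the message above is that text-based rules cannot read journald's binary store. As an added example (not part of the thread and not OSSEC code), this sketch renders records in the `journalctl -o json` export shape as classic syslog-style lines that a text rule can match. The sample records are constructed, and `RULE` is a hypothetical stand-in for a text-based rule.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample records in the shape `journalctl -o json` emits (one JSON
# object per line). Not taken from the thread or from a real host.
SAMPLE = [
    '{"__REALTIME_TIMESTAMP":"1401801379000000","_HOSTNAME":"rhel7",'
    '"SYSLOG_IDENTIFIER":"sshd","_PID":"2211","PRIORITY":"6",'
    '"MESSAGE":"Failed password for root from 192.0.2.10 port 50022 ssh2"}',
    # journald encodes non-UTF-8 payloads as an array of byte values
    '{"__REALTIME_TIMESTAMP":"1401801380000000","_HOSTNAME":"rhel7",'
    '"_COMM":"app","MESSAGE":[98,97,100,255,10,108,105,110,101]}',
    'not json at all',
]

# Hypothetical stand-in for a text-based rule; not an actual OSSEC rule.
RULE = re.compile(r"sshd\[\d+\]: Failed password for (\S+) from (\S+)")


def to_syslog_line(raw):
    """Render one journal JSON record as an RFC 3164-style line, or None."""
    try:
        rec = json.loads(raw)
    except ValueError:
        return None
    if not isinstance(rec, dict) or "MESSAGE" not in rec:
        return None
    msg = rec["MESSAGE"]
    if isinstance(msg, list):  # byte array -> text, undecodable bytes replaced
        msg = bytes(msg).decode("utf-8", "replace")
    # Collapse newlines/control characters so one record stays one log line.
    msg = "".join(c if c.isprintable() else " " for c in str(msg))
    usec = int(rec.get("__REALTIME_TIMESTAMP", "0"))
    ts = datetime.fromtimestamp(usec / 1_000_000, tz=timezone.utc)
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"
    tag = rec.get("SYSLOG_IDENTIFIER") or rec.get("_COMM") or "unknown"
    pid = f"[{rec['_PID']}]" if "_PID" in rec else ""
    return f"{stamp} {rec.get('_HOSTNAME', 'localhost')} {tag}{pid}: {msg}"


def convert(lines):
    return [s for s in map(to_syslog_line, lines) if s is not None]


if __name__ == "__main__":
    for line in convert(SAMPLE):
        print(line, "<- rule match" if RULE.search(line) else "")
```

Flattening embedded newlines matters here: a message containing a line break would otherwise let a logging process forge what looks like a separate log entry to a line-oriented rule engine.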
