On Tue, Jun 3, 2014 at 12:00 PM, Aaron Hunter <[email protected]> wrote:
> It's journald that concerns me the most. journald replaces (r)syslog
> entirely. It does not provide syslog format log files nor even text based
> log files. Instead, as I understand it, journald uses only a binary log
> format. This means that the text format based OSSEC rules will no longer
> work on a pure journald system. OSSEC would have to talk directly to
> journald (through D-BUS?) and its rules would have to be re-written for the
> new binary format. That sounds like a significant undertaking which is why I
> raised this question. journald is a wholesale replacement of the current
> syslog based logging system with an entirely different paradigm.
>
> I think syslog can still be installed and connected to journald as a
> work-around but I'm not certain.
>
OSSEC does not have any support for journald. I'd skip it, or start
working on adding support. But preferably skip journald.

> --Aaron
>
> On Tuesday, June 3, 2014 9:16:19 AM UTC-4, Darin Perusich wrote:
>>
>> The ossec package I maintain for OpenSUSE has full systemd support and
>> it works without issue, it is after all a "drop in" replacement for
>> sysvinit and maintains full backwards compatibility.
>>
>> https://build.opensuse.org/package/show/server:monitoring/ossec-hids
>> --
>> Later,
>> Darin
>>
>>
>> On Tue, Jun 3, 2014 at 8:10 AM, Jeremy Rossi <[email protected]>
>> wrote:
>> > * dan (ddp) <[email protected]> [2014-06-03 08:01:37 -0400]:
>> >
>> >> On Tue, Jun 3, 2014 at 7:38 AM, Aaron Hunter <[email protected]>
>> >> wrote:
>> >>>
>> >>> I wanted to know if the introduction of systemd and journald causes any
>> >>> problems for OSSEC. I am preparing to test RHEL 7.0 and was hoping to
>> >>> hear
>> >>> from others about any issues they may have encountered.
>> >>>
>> >>
>> >> As long as the system still writes logs in the "standard" syslog
>> >> formats, there shouldn't be any issues*.
>> >
>> > Reading the RHEL beta docs things will be fine for the most part ;) some
>> > tuning will be needed like everything that changes, but overall and for
>> > most things it will just work.
>> > OSSEC does not talk directly to systemd or its children processes, but
>> > if someone would like to add it we always welcome patches/pull requests.
>> > --
>> >
>> > --- You received this message because you are subscribed to the Google
>> > Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to [email protected].
>> > For more options, visit https://groups.google.com/d/optout.
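The format gap discussed in this thread, as an added example that is not part of any message above and is not OSSEC code: a converter that renders journald's JSON export (`journalctl -o json`) as classic syslog-style text lines of the kind text-based rules expect. Assumptions: timestamps are rendered in UTC, and the sample records, host name and function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def _text(value):
    # journalctl -o json emits non-UTF-8 fields as arrays of byte values
    # and fields over its size threshold as null.
    if value is None:
        return ""
    if isinstance(value, list):
        return bytes(value).decode("utf-8", errors="replace")
    return str(value)

def to_syslog_line(rec):
    # __REALTIME_TIMESTAMP is microseconds since the epoch, as a string.
    ts = datetime.fromtimestamp(int(rec["__REALTIME_TIMESTAMP"]) // 1_000_000, tz=timezone.utc)
    stamp = f"{MONTHS[ts.month - 1]} {ts.day:2d} {ts:%H:%M:%S}"  # assumption: UTC, not local time
    host = _text(rec.get("_HOSTNAME")) or "localhost"
    tag = _text(rec.get("SYSLOG_IDENTIFIER") or rec.get("_COMM")) or "unknown"
    pid = _text(rec.get("_PID"))
    if pid:
        tag += f"[{pid}]"
    # Collapse embedded newlines so a message cannot forge a second log line.
    msg = " ".join(_text(rec.get("MESSAGE")).splitlines())
    return f"{stamp} {host} {tag}: {msg}"

def convert(lines):
    out = []
    for raw in lines:
        try:
            out.append(to_syslog_line(json.loads(raw)))
        except (ValueError, KeyError, TypeError):
            continue  # skip blank, truncated or non-object lines
    return out

# Constructed sample input (not real log data), one JSON object per line.
SAMPLE = [
    '{"__REALTIME_TIMESTAMP":"1401811200000000","_HOSTNAME":"rhel7","SYSLOG_IDENTIFIER":"sshd","_PID":"2211","MESSAGE":"Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2"}',
    '{"__REALTIME_TIMESTAMP":"1401811201000000","_HOSTNAME":"rhel7","_COMM":"app","MESSAGE":[98,97,100,32,255]}',
    '{"__REALTIME_TIMESTAMP":"1401811202000000","_HOSTNAME":"rhel7","SYSLOG_IDENTIFIER":"app","MESSAGE":"one\\ntwo"}',
    'not json',
]

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)))
```

To use it on a live system, pass the lines of `journalctl -o json -f` to `convert` in place of `SAMPLE` and append the result to a file that OSSEC monitors as a syslog-format `<localfile>`.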
