* Aaron Hunter <[email protected]> [2014-06-03 09:00:06 -0700]:

It's journald that concerns me the most. journald replaces (r)syslog
entirely. It does not provide syslog-format log files nor even text-based
log files. Instead, as I understand it, journald uses only a binary log
format. This means that the text-format-based OSSEC rules will no longer
work on a pure journald system. OSSEC would have to talk directly to
journald (through D-Bus?) and its rules would have to be rewritten for the
new binary format. That sounds like a significant undertaking, which is why
I raised this question. journald is a wholesale replacement of the current
syslog-based logging system with an entirely different paradigm.

From:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/pdf/Migration_Planning_Guide/Red_Hat_Enterprise_Linux-7-Beta-Migration_Planning_Guide-en-US.pdf

On Red Hat Enterprise Linux 7, rsyslog and journald coexist. The data
collected by journald is forwarded to rsyslog, which can perform further
processing and store text-based log files. By default, rsyslog only
stores the journal fields that are typical for syslog messages, but can
be configured to store all the fields available to journald. Red Hat
Enterprise Linux 7 therefore remains compatible with applications and
system configurations that rely on rsyslog.


I think syslog can still be installed and connected to journald as a
work-around but I'm not certain.

It sure can ;)
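An added example, not part of the original thread and not OSSEC or Red Hat code: the concern above is that text-based rules cannot read journald's binary store, so this sketch renders `journalctl -o json` records as classic syslog-style lines. The sample records are constructed, the function names are hypothetical, and UTC timestamps are an assumption (syslog files normally use local time).

```python
import json
from datetime import datetime, timezone

# Constructed sample: `journalctl -o json` prints one JSON object per line.
SAMPLE_JOURNAL = "\n".join(json.dumps(e) for e in [
    {"__REALTIME_TIMESTAMP": "1401811206000000", "_HOSTNAME": "web01",
     "SYSLOG_IDENTIFIER": "sshd", "_PID": "2211",
     "MESSAGE": "Failed password for invalid user admin "
                "from 192.0.2.10 port 50022 ssh2"},
    # Non-UTF-8 field values are exported as arrays of byte values.
    {"__REALTIME_TIMESTAMP": "1401811207000000", "_HOSTNAME": "web01",
     "SYSLOG_IDENTIFIER": "app",
     "MESSAGE": [98, 97, 100, 32, 255, 32, 98, 121, 116, 101]},
])


def field_text(value):
    """Return a journal field as text (string, byte array, or null)."""
    if value is None:          # oversized fields are exported as null
        return ""
    if isinstance(value, list):
        return bytes(value).decode("utf-8", errors="replace")
    return str(value)


def to_syslog_line(entry):
    """Format one journal record as 'Mmm dd HH:MM:SS host tag[pid]: msg'."""
    usec = int(entry["__REALTIME_TIMESTAMP"])   # microseconds since epoch
    ts = datetime.fromtimestamp(usec / 1_000_000, tz=timezone.utc)
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"
    host = field_text(entry.get("_HOSTNAME")) or "localhost"
    tag = field_text(entry.get("SYSLOG_IDENTIFIER")
                     or entry.get("_COMM")) or "unknown"
    pid = field_text(entry.get("_PID"))
    if pid:
        tag += f"[{pid}]"
    # Keep one record per line so line-oriented rules see a single event.
    msg = field_text(entry.get("MESSAGE")).replace("\n", " ")
    return f"{stamp} {host} {tag}: {msg}"


def convert(journal_json_lines):
    """Convert journalctl JSON output (text) into a list of syslog lines."""
    return [to_syslog_line(json.loads(line))
            for line in journal_json_lines.splitlines() if line.strip()]


if __name__ == "__main__":
    print("\n".join(convert(SAMPLE_JOURNAL)))
```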