Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Didier Kryn
On 22/11/2017 at 16:46, Arnt Gulbrandsen wrote: Didier Kryn writes: Well, postgres is a database manager. You have a choice of several others; they must be able to deal with high fluxes of data. None of them is a critical system component. WTF? Postgres is a critical system component o

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Gulbrandsen
Didier Kryn writes: Well, postgres is a database manager. You have a choice of several others; they must be able to deal with high fluxes of data. None of them is a critical system component. WTF? Postgres is a critical system component of every single server where I've ever installed th

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Didier Kryn
On 22/11/2017 at 13:58, Arnt Gulbrandsen wrote: If you really want to look at the details in postgres, you can take a good guess at whether two rows were inserted at the same time or one later than the other. Well, postgres is a database manager. You have a choice of several others; th

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Clarke Sideroad
On 2017-11-22 09:46 AM, Arnt Gulbrandsen wrote: Aldemir Akpinar writes: No, I've actually asked an honest question. In that case you'll get my honest answer. I've implemented several file/network formats vaguely like that journal format, one of them has likely been used by millions of people

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Gulbrandsen
Aldemir Akpinar writes: No, I've actually asked an honest question. In that case you'll get my honest answer. I've implemented several file/network formats vaguely like that journal format, one of them has likely been used by millions of people. In each case, the team decided to use a heade

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread John Hughes
On 22/11/17 15:08, Aldemir Akpinar wrote: On 22 November 2017 at 17:03, John Hughes wrote: On 22/11/17 14:18, Aldemir Akpinar wrote: Could you elaborate why are you comparing a relational database system where its files must be binary with a logging s

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Dave Turner
On 22/11/17 14:22, Arnt Gulbrandsen wrote: Aldemir Akpinar writes: Could you elaborate why are you comparing a relational database system where its files must be binary with a logging system where its files doesn't need to be binary? You make it sound as if binary files were some sort of horror

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Aldemir Akpinar
On 22 November 2017 at 17:22, Arnt Gulbrandsen wrote: > Aldemir Akpinar writes: > >> Could you elaborate why are you comparing a relational database system >> where its files must be binary with a logging system where its files >> doesn't need to be binary? >> > > You make it sound as if binary file

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Gulbrandsen
Aldemir Akpinar writes: Could you elaborate why are you comparing a relational database system where its files must be binary with a logging system where its files doesn't need to be binary? You make it sound as if binary files were some sort of horror that requires special justification. Please

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Aldemir Akpinar
On 22 November 2017 at 17:03, John Hughes wrote: > On 22/11/17 14:18, Aldemir Akpinar wrote: > > > That's routine. Few readers read everything that can be read. For example, >> look at postgres. Its binary file format reveals quite a bit more than you >> can get using psql, and by design: The wri

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread John Hughes
On 22/11/17 14:18, Aldemir Akpinar wrote: That's routine. Few readers read everything that can be read. For example, look at postgres. Its binary file format reveals quite a bit more than you can get using psql, and by design: The writer and binary format are intended for storing

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Aldemir Akpinar
> That's routine. Few readers read everything that can be read. For example, > look at postgres. Its binary file format reveals quite a bit more than you > can get using psql, and by design: The writer and binary format are > intended for storing things quickly and reliably, and the reader for > re

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Gulbrandsen
Arnt Karlsen writes: you appear to suggest that law enforcement wanting to read systemd journal logs, _should_ depend on the mercy of systemd developers not "filtering" away inconvenient evidence of e.g. systemd developer wrongdoing from said law enforcement. That's routine. Few readers read

[DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Karlsen
On Wed, 22 Nov 2017 07:19:20 +0100, John wrote in message : > On 22/11/17 02:59, Arnt Karlsen wrote: > > On Tue, 21 Nov 2017 18:21:14 +0100, John wrote in message > > : > > > >> (Damn but the systemd journal is great :-)) > > ..is there a way to decode and read those binary systemd journal >