Freitag, 24. Mai 2013

Rsyslog vs. Systemd Journal?

von Rainer Gerhards (Adiscon GmbH)

Friday, 24.05.2013, New York I, 17:15-18:00 Uhr

The systemd journal announcement in 2011 lead to a big heated discussion whether or not the end of line for syslog has been reached. The original journal announcemnt posted a number of claims that the syslog community considered as simply wrong. However, there were also some good arguments present. Since then, roughly one and a half year has passed.

What is the situation currently? Is it still "(r)syslog vs. the journal" or has there some common ground been reached? Without disclosing too much, it can be said that the situation has been reliefed. In this talk, we will show the current state of the art, as perceived by a syslog guy. Obviously, we will take the rsyslog perspective. The talk consists of two parts:

The first part will cover current state of journal/syslog integration, deployment scenarios and the state of structured logging. It will also describe the architecture of a modern syslogd (not just rsyslog's!) and why it is a very flexible tool. We will also convey in which environment we see primary need for a syslog implementation. This will be the main focus of the talk.

As time permits, in the second part, we will show how to configure many of those things that we said to be "impossible" to do with syslog. This hopefully provides some insight into why the discussion was heated in the first place and also how to solve some practical problems using existing syslog technology (technology that is most importantly available today in enterprise Linux distributions).

• Project Main Site
• rsyslog main author's blog
• Folien / Slides (PDF)
• Folien / Slides (ODP)
• Handout (ODT)

Über den Autor Rainer Gerhards:

Rainer Gerhards ist Entwicklungsleiter bei der Adiscon GmbH. Dort ist er für die Entwicklung von Monitoringlösungen verantwortlich. Formal ist er Betriebswirt/Wirtschaftsinformatik, sein Herz gilt aber dem techischen Bereich. Er beschäftigt sich seit 1983 vornehmlich mit systemnaher Programmierung unter verschiedensten Betriebssystemen. Seine ersten Erfahrungen mit Open Source gehen auf die 80er Jahre im Public Domain Umfeld zurück. Mit der aktuellen Open Source Umgebung beschäftigt er sich seit 2003. Hier in Form des Maintainers für liblogging und rsyslog, beides syslog-Implementierungen. In der Zeit dazwischen, und auch immer noch, arbeitet er an closed source unter Windows. Rainer Gehards ist Mitglied der IETF-Syslog Arbeitsgruppe und Autor verschiedenster RFCs zum Syslog-Protokoll, darunter Basis-RFC 5424. Er lebt in Großrinderfeld bei Würzburg.