Sujet : Re: More systemdCrap
De : jmccue (at) *nospam* qball.jmcunx.com (John McCue)
Groupes : comp.os.linux.miscDate : 11. Mar 2025, 18:37:33
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <vqpsct$234iu$1@dont-email.me>
References : 1 2 3 4 5 6 7 8 9
User-Agent : tin/2.6.3-20231224 ("Banff") (OpenBSD/7.6 (amd64))
Carlos E.R. <
robin_listas@es.invalid> wrote:
On 2025-03-11 08:58, The Natural Philosopher wrote:
On 10/03/2025 22:28, John Ames wrote:
On Mon, 10 Mar 2025 23:14:19 +0100
"Carlos E.R." <robin_listas@es.invalid> wrote:
>
Nothing is broken, it has been intentionally designed this way
>
Okay, sure - but that design is stupid.
>
Exactly.
Journalctl should be able to take the One True Logfile and scan it,
rewriting items to be retained and discarding items to be deleted .
Nope.
That's manipulating information and has legal implications. Yes,
that's the intentional reason why systemd refuses to do it.
I thought of this after I posted about the journal being a
database of sorts. And yes, if this really worked it would
make a lot of sense.
But a person wanting to hide something would just delete all
the log files and have done with it, not take the time to
look for a specific entry.
In anycase, to me the best way to save log data is to mirror
it on a server only trusted people have access to, syslog
can do this. I remember people asked for this with journald
and the response was to somehow pipe the data from journald
into syslogd and that would mirror it.
Also if entries are removed from the journal, a log on the
remote system could be added stating "this entry was deleted
by ? on ?". But maybe the design makes this too hard.
-- [t]csh(1) - "An elegant shell, for a more... civilized age." - Paraphrasing Star Wars
More systemdCrap
Re: More systemdCrap