From Fedora Project Wiki

< Changes

Revision as of 18:45, 8 July 2013 by Lennart (talk | contribs)

No More Syslog

Summary

Change "comps" to no longer install a syslog service by default, more specifically let's remove rsyslog from the default install!

Owner

Current status

  • Targeted release: Fedora 20
  • Last updated: 2013-07-08
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Let's change the default install to no longer install a syslog service by default, let's remove rsyslog from the "comps" default.

The journal has been around for a few releases and is well tested, F19 already enabled persistent journal logging on disk, thus all logs have been stored twice on disk, once in journal files and once in /var/log/messages. This feature hence recommends no longer installing rsyslog by default, thus leaving only the journal in place.

rsyslog should be the recommended option to install if users require /var/log/messages or need support for the syslog network protocol. It's sufficient to install and start rsyslog to get /var/log/messages and BSD syslog support.

Benefit to Fedora

Our default install will need less footprint on disk and at runtime (especially since logs will not be kept around twice anymore). We'll boot a bit faster.

Scope

Simply remove "rsyslog" from all default install groups in "comps".

Packages which strictly require /var/log/messages to exist might need updating to gain dependencies on some kind of syslog daemon (but they needed that before too, so this is mostly just bugfixing that's useful anyway). If any of the packages in the default install is one of those, we need to look at it in detail, and find a solution. However, currently no package of the default install is requiring a syslog implementation.

Some tools such as logcheck might need to be updated to process data from the journal instead of /var/log/message. This should be fairily easy as "journalctl" generates the same output as "cat /var/log/messages" previously did.

  • Proposal owners: Commit a change to "comps" to remove "rsyslog" from it. Drop in a file /var/log/README informing users where the log files went, and how do get to the same data as before.
  • Other developers: logcheck needs updating to stay useful.
  • Release engineering: nothing really.
  • Policies and guidelines: nothing really. Maybe the guidelines should clarify that /var/log/message doesn't exist on many systems, but that was already the case before -- so little changes.

Note that logrotate should stay in the default install, as it is required to rotate wtmp and btmp (the journal synchronously rotates before writing and does not require logrotate for operation).

Upgrade/compatibility impact

Old installs will continue to have rsyslog installed, nothing changes for them.

How To Test

Just make sure that everything works correctly. However, given that the journal has been around for a while little additional testing should be necessary.

User Experience

"cat /var/log/messages" will now become "journalctl".

"tail -f /var/log/messages" will now become "journalctl -f".

"grep foobar /var/log/messages" will now become "journalctl | grep foobar".

Dependencies

logcheck might need updating.

Contingency Plan

  • Contingency mechanism: Readd "rsyslog" to comps.
  • Contingency deadline: beta release
  • Blocks release? probably

Documentation

"journalctl" has been documented extensively, so no additional documentation should be necessary.

Release Notes

Something like this should be added to the release notes:

"Note that F20 does not install a Syslog service by default anymore. For browsing log messages please type "journalctl" rather than "cat /var/log/messages". Please type "journalctl -f" instead of "tail -f /var/log/messages". Please use "journalctl | grep foobar" instead of "grep foobar /var/log/messages". If the administrator needs /var/log/messages or support for the BSD syslog network protocol we recommend installing a syslog daemon such as rsyslog or syslog-ng with a command like like the following:

$ yum install rsyslog"