On 22/11/17 17:35, Arnt Karlsen wrote:
..to reiterate: Is there a way to decode and read those binary
systemd journal logs on classic POSIX/Unix etc forensic systems
_not_ running systemd?

Of course.

Either install a tool that does it for you, i.e. journalctl, or write a tool to do it using the publicly available documentation.

..the "strings" approach suggested by John Hughes requires an intimate
knowledge of systemd and might be relevant if the investigations were
on "systemd sabotaging Devuan playing _new_ zero-day dirty tricks."

Intimate knowledge?  No, all it requires knowing is that most of the fields in a systemd journal are ASCII keyword=value pairs.

Tell you what, I'll see if I can write a little Perl script to output a systemd journal in a format a little more pretty than strings(1) for you, give me a day, ok?

..so, the systemd crowd should have an interest in e.g. exposing
"Devuan incompetence and paranoia" by coming up with an easy way
to decode and read binary systemd journal logs without having to
run systemd, to prove their case on "Devuan incompetence and
paranoia on systemd", rather than confirm my current belief.

Incompetence is your word, not mine.  Paranoia seems to fit some people.  For example, what do you mean by "_new_ zero-day dirty tricks" above?

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
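
The strings(1)-style approach discussed in this message, sketched as an added Python example (it is not code from the thread or from the systemd project): it scans a journal file for ASCII FIELD=value runs and needs no systemd on the analysis host. The field-name pattern, the function names and the sample bytes are assumptions made for illustration; the sample is constructed and is not a valid journal file.

```python
import re
import sys
from collections import defaultdict

JOURNAL_SIGNATURE = b"LPKSHHRH"  # first 8 bytes of a journal file

# FIELD=value: upper-case name (optional leading "_"), then printable ASCII.
FIELD_RE = re.compile(rb"(?<![A-Z0-9_])(_?[A-Z][A-Z0-9_]{0,62})=([\x20-\x7e\t]+)")

def looks_like_journal(blob):
    """True if the blob starts with the journal file signature."""
    return blob.startswith(JOURNAL_SIGNATURE)

def extract_fields(blob):
    """Yield (offset, field, value) for each ASCII FIELD=value run found."""
    for m in FIELD_RE.finditer(blob):
        yield m.start(), m.group(1).decode("ascii"), m.group(2).decode("ascii")

def fields_by_name(blob):
    """Group extracted values by field name, in file order."""
    grouped = defaultdict(list)
    for _, field, value in extract_fields(blob):
        grouped[field].append(value)
    return dict(grouped)

# Constructed sample: signature, filler bytes and a few payloads. It is not
# a valid journal file, only enough to exercise the scanner offline.
SAMPLE = (
    JOURNAL_SIGNATURE + b"\x00" * 24
    + b"\x01" + b"\x00" * 7
    + b"MESSAGE=Accepted publickey for root from 192.0.2.10\x00\x00\x00"
    + b"\x9c\x1f\x00\x00_SYSTEMD_UNIT=ssh.service\x00"
    + b"\xff\xfePRIORITY=6\x00"
    + b"\x07\x00_PID=812\x00"
    + b"\x00\x00path=/tmp/x\x00"  # lower-case key: not a journal field name
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    if not looks_like_journal(data):
        print("warning: journal signature not found", file=sys.stderr)
    for offset, field, value in extract_fields(data):
        print(f"{offset:#010x}  {field}={value}")
```

Because the journal stores each distinct FIELD=value payload once and entries refer to it by offset, this output recovers the values but not which ones belong to the same log entry. Compressed or binary payloads are not seen by a scan like this.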
