journald and syslog, whichever your flavor, coexist without issue so I wouldn't be too concerned about it. -- Later, Darin
On Tue, Jun 3, 2014 at 12:30 PM, dan (ddp) <ddp...@gmail.com> wrote: > On Tue, Jun 3, 2014 at 12:00 PM, Aaron Hunter <aaron.hunt...@gmail.com> wrote: >> It's journald that concerns me the most. journald replaces (r)syslog >> entirely. It does not provide syslog format log files nor even text based >> log files. Instead, as I understand it, journald uses only a binary log >> format. This means that the text format based OSSEC rules will no longer >> work on a pure journald system. OSSEC would have to talk directly to >> journald (through D-BUS?) and its rules would have to be re-written for the >> new binary format. That sounds like a significant undertaking which is why I >> raised this question. journald is a wholesale replacement of the current >> syslog based logging system with an entirely different paradigm. >> >> I think syslog can still be installed and connected to journald as a >> work-around but I'm not certain. >> > > OSSEC does not have any support for journald. I'd skip it, or start > working on adding support. But preferably skip journald. > >> --Aaron >> >> >> >> >> On Tuesday, June 3, 2014 9:16:19 AM UTC-4, Darin Perusich wrote: >>> >>> The ossec package I maintain for OpenSUSE has full systemd support and >>> it works without issue, it is after all a "drop in" replacement for >>> sysvinit and maintains full backwards comparability. >>> >>> https://build.opensuse.org/package/show/server:monitoring/ossec-hids >>> -- >>> Later, >>> Darin >>> >>> >>> On Tue, Jun 3, 2014 at 8:10 AM, Jeremy Rossi <jer...@jeremyrossi.com> >>> wrote: >>> > * dan (ddp) <ddp...@gmail.com> [2014-06-03 08:01:37 -0400]: >>> > >>> > >>> >> On Tue, Jun 3, 2014 at 7:38 AM, Aaron Hunter <aaron....@gmail.com> >>> >> wrote: >>> >>> >>> >>> I wanted to know if the introduction of systemd and journald cause any >>> >>> problems for OSSEC. I am preparing to test RHEL 7.0 and was hoping to >>> >>> hear >>> >>> from others about any issues they may have encountered. >>> >>> >>> >> >>> >> As long as the system still writes logs in the "standard" syslog >>> >> formats, there shouldn't be any issues*. >>> > >>> > >>> > Reading the Rhel beta docs things will be fine for the most part ;) some >>> > tuning will be needed like everything that changes, but overall and for >>> > most things it will just work. >>> > OSSEC does not talk directly to systemd or its children processes, but >>> > if someone would like to it add we always welcome patchs/pull requests. >>> > -- >>> > >>> > --- You received this message because you are subscribed to the Google >>> > Groups "ossec-list" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> > an >>> > email to ossec-list+...@googlegroups.com. >>> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ossec-list+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
