From: Martin Schütte
Date: Sat, 03 May 2008 14:39:21 +0200
To: hackers@freebsd.org
Subject: Re: Improving Syslog
Message-ID: <481C5CF9.1090705@mschuette.name>
In-Reply-To: <1723583765.20080503123027@mail.ru>

Anthony Pankov wrote:
> It is not pleasant to me that most comprehensible unix subsystem -
> syslog - will grow to multipurpose monster.

I would like to discuss this point further (so this mail got a bit longer) because I also thought about it and it basically depends on where you draw the line between basic functionality and uncommonly used feature or when to extend a grown system and when to completely refactor it.

1. Drawing the line in big binaries:

On the one hand I do not want to introduce the feature list of syslog-ng (custom filters, regexp support, different message formats) into syslogd. That would clearly be the 'multipurpose monster' that belongs in the ports tree for those who need it.

On the other hand I think TLS support is a basic functionality. We are not in the 1980s anymore and having TLS in the standard syslogd is IMHO no bloat but desirable.

That would leave syslog-sign in the middle. I am really undecided about this, because it potentially has the most configuration options and settings and it could just be implemented as a proxy or a filter. But then again it does not introduce new dependencies, neither does it require any configuration for default usage, and having 5-10 processes (for every log destination) also seems excessive to me. I want to defer my judgement here until I have studied at least the existing code for syslog-sec (http://sourceforge.net/projects/syslog-sec/), a preliminary implementation by Albert Mietus.

2. Redesign the syslog subsystem:

To change the architecture would also be interesting.
The result could be a whole chain of small programs somewhat like Postfix (http://www.postfix.org/big-picture.html) with a design similar to rsyslog (http://www.rsyslog.com/doc-generic_design.html).

It would require
- a set of collectors (kernel log, local sockets, UDP, TLS)
- a set of destinations (UDP, TLS, file, pipe, console/tty/wall message, memory buffer)
- some core elements (central dispatcher, memory queue)

I only wonder if that would not be the bigger and more drastic change that would prevent adoption; just like FreeBSD keeps Sendmail instead of adopting Postfix in its base system.

On a more pragmatic level I am also afraid this would break my schedule for the summer; so I will keep it in mind as a reminder to keep everything modular, but not pursue it with high priority. (Or I might start with separate threads in order to pursue the design but not spend too much time with IPC details.) If there is consensus that this is the right way, then it would make a nice follow-up project.

--
Martin