Comment Re:Watching systemd evolve (Score 1) 765
What I am saying is that what systemd calls "log database" is no such thing and massively inferior to the real thing.
Please don't confuse the term database with a RDBMS or similar. A database can be a simple text file with structured data like
http://en.wikipedia.org/wiki/F...
systemd's journal is by any definition a database file and since it contains logging info, I fail to see the problem in calling it a "log database".
I also _know_ that people that put logs into databases uses real databases, you know the ones that come with ACID.
Some use ACID RDBMS, some use non-ACID NoSQL databases, etc. It all depends on needs and to why they collect the logs in the first place.
What you do _not_ do is change the on-machine logs into a wannabe-database. That is about the worst thing you can do.
You are of course wrong about this, Enterprise log analysers like Splunk uses simple files and indexes to store events etc. pretty much the same way that systemd does.
There is considerably overhead when using ACID RDBMS', so when things needs to be really fast you do stuff like systemd and Splunk does. Logstash (probably one of the more popular log-analysers) doesn't use a ACID compliant RDMBS as backend either (though it can if you want to).
The point is that the world of logging and databases have moved on considerably the last decade. The primary reason being more and more data that needs to be analysed (fast) for one reason or another (Business, real-time security etc.).
systemd's journal is a pretty significant upgrade to the otherwise rather fossilised world of Linux logging. Don't get me wrong, I have tremendous respect for the Rsyslog team, but they have been struggling for over a decade to solve just some of the problems systemd's journal now have solved.
And I have have never really seen any good argumentation against using binary, structured and indexed log files:
They can be read by all standard Linux text tools with piping.
There exist multiple independent readers for them.
The logs can be programmatically accessed through a myriad of languages.
They provide functionality that can't be matched with legacy syslog files.
There is no non-contrived scenario where they can't be read one way or another.
They can be exported in any format and have default export options for all relevant industry standards.
Unlike syslog output, they have a stable and documented API.
So there isn't any real downside to using binary journal log files, while there is considerably advantages.