Why should I care that you don't use a systemd distro? If you are making money on Linux, great. If you are using eg. Slackware to do so, hey, that is great too. I respect mr. Volkerding and his way of making a distro.

I like freedom of choice and I think systemd provides exactly that. Even if you don't like it, you benefit from the fact that there now are several udev-implementations (before there was just udev and the limited mdev) and several ConsoleKit/systemd-logind implementations (before systemd there was only CK).

But apparently the freedom of choice doesn't include the right to choose systemd.

That is a major problem with the behaviour of the anti-systemd camp; they won't accept that highly skilled Linux developers (including Kernel developers) and experienced distro and system maintainers, thinks that systemd is superior to whatever else out there, and therefore chooses to build their distro around it.

This lack of accepting other peoples freedom of choice is why you are trolling a Debian thread, even though you don't use the distro and claim you never will.

So think about what you are actually doing before saying "freedom of choice" again.

The classic problem was speed. A DB was fine for storing and analysing, but could be severe bottleneck for log sinks.
It isn't so great for local system logging either since DB's tend to appear rather late in the boot sequence.

With journald you can have system logging before the rootfs is even mounted, and since both systemd and journald can pivot back to initramfs after the rootfs has been unmounted, you can potentially have logging after that.

These days it seems that people are using a mixture of DB's and heavily data massaged text logs (JSON etc) combined with a special index (Splunk etc).

There will never a single log storage solution for all, since the tools chosen will reflect the problems trying to be solved. For some it is auditing that is important, for others it is analysing website usage.

But since systemds journal is structured and field based, it is very easy to convert its log entries to standard JSON etc that consistently fits other storage means. A huge improvement over the many different syslog implementations.

Re: triggers. You don't use "journalctl" for that, but the API/libraries/language bindings. systemd provides a really good and well documented framework for making triggers, but don't provide them as such. You can have instantly triggered events on file systems that supports it.
"man sd_journal_get_events" documents the C API:
http://www.freedesktop.org/sof...

But there are also Ruby, Python, Go bindings etc. All in all I think systemd/journald is a major upgrade when it comes to log watchers; stable API, field based filtering, many language bindings, instant notifications etc.

Yes, so I know the many limitations of doing so. It is of course of interest to know that Rainer started the Rsyslog project exactly to overcome the many problems with the old syslog(3) interface, especially the problems with flat file text logs.

I have much respect for the Rsyslog developers work and it certainly weren't their fault they couldn't fix all the problems they set out to solve. So I am glad that Rsyslog now can read/write systemd journal files, meaning that it can be used as a log sink (at least for simpler cases) without regressing to using flat text log files.

"systemtctl" is a first class classic Linux/Unix tools that works together with all the standard Linux tools like sed, awk, grep, less, tee and what not.

It isn't interactive, it isn't chatty on success, can be piped etc, just like all the good ole GNU stuff. Sure, it can read binary text files like the journal, but so can "last" that is required to be Posix compliant (used to read the utmp/wtmp binary log files). And what about zgrep?

The systemd journal file format (basically an appended text file with non-standard delimeters+index) is fully documented and have excellent language bindings, making it trivial to make eg. Python scripts that read/writes directly into the journal. So it is trivial to make a "jgrep" or a "jless" that can directly read the journal if that is what you want.

The point is that "field" based logging is superior to the unstructured text dumps that syslog makes.

Come on, claiming that regular expressions are easy is laughable. The old joke "I had problem. I decided to solve it with regex. Now I have two problems" is still true.

Not talking about that people should know the difference between regular and extended expressions, and that each and every tool uses its own maddening variation. Basically, if you don't use regular expressions as part of your everyday job, you are unable to use it without heavy man-page consulting for just the basic syntax.

I seriously doubt that any more than a tiny fraction of Linux users are able to whip out an even moderately complex regex. And that means the vast majority of Linux users can't filter their logs to any serious degree. It is so sad to see how people are literally trawling through the logs, reading them as a book in order to find problems. People are even using "vi" to do it, yikes.
systemd's journal basically solves this problem for good for Linux newbies. It is fun to see how productive people can become with "journactl" after a 10 minute introduction.

For power users, the field based approach is immensely powerful too. If you remember how Rsyslog started a decade ago, it was exactly to overcome the many limitations of flat file text logs.

It is a superb way to filter from both "that boot only" and "this severity only". One reason why you probably haven't tried it is because this is very hard to do using generic tools using flat file syslog text logs.

Even this is something journald does so much better than syslog; There is kernel guarantee that the source is always is always what it claims to be. Same with what program generated the log entry. It can even distinguish between two instances of the same program running simultaneously since each and every log entry is stamped with a unique id (and session ID, and machine ID so you can trail logs even if the hostname/IP changes or across multiple machines and OS containers).

As for time based filtering: I just love "journalctl --since -10m" (show everything that happened from 10 minutes ago) or "journalctl --since -3w -u smartd.service".

As for filtering per boot. If it had been easy to with syslog, I would have done so many times. Being able to only see the relevant boot is great, but it is also really powerful to compare two different boots using monotonic timestamps.

Actually I am old enough to have installed Slackware from 40 floppies (never again). Yes I have the O'Reilly books on sed, awk, bash etc.

But I see how you skipped my challenge, should be trivial since you claim it is CLI n00b stuff.

The point is that I am not the only one who thought that Linux logging have been a mess from the beginning. I had high hope when Rsyslog started, and they did fix several glaring errors, but in the end they failed because of the total lack of coordination in the Linux world. You can't really improve syslog, because then it wouldn't be syslog, and then userland don't support it. This circular dependency have been holding Linux back in several key areas.

The discussions of the many limitations of syslog, SysVinit, and X and Linux goes back to the previous century. It was just extremely hard problems to solve, so too many people have been confusing the longevity of SysVinit, syslog(3) and Xfree/X.org with any inherent quality. They all served their purpose in their time, but have been obsolete for at least a decade an a half. With systemd and Wayland, several of those systemtic problems have been solved for good, and that is something I really appreciate as a long time Linux user.

With some exaggeration, I think that using regex tools to do even basic log filtering is the perfect "Turing tar pit": "in which everything is possible but nothing of interest is easy.

Don't get me wrong, I like regex tools. Being able to utilise them is a major reason for why I like Linux so much, and the knowledge have of such tools have proven very useful many times outside Linux admin. But regex quickly becomes really unwieldy looking much like line noise. The main problem isn't the regex tools, but that syslog log files have such a loose structure. Having field based filtering just makes everything so much more powerful and easier.

What "state" are you talking about. This is Linux/Unix, not a transactional OS. systemd doesn't perform "roll backs". What trivial reason? Maybe that could explain what you are trying to say. It really sounds like you have no personal experience with systemd nor have read anything about it.

There are no "shims" necessary to run systemd. On Debian there is "logind-shim", but no one should use that instead of the proper systemd-logind.

Comments like that, and your bizarre claim of " rolls the system back to start state" makes me suspect that you don't have actual personal understanding and experience of systemd management.

Sure, truly understanding systemd require some serious study, something way too many have neglected, thinking they could just wing it when time came. The payback for the time spend studying is that systemd also have some serious cool technology that is far superior to everything else in Linux/Unix land.

It is exactly because the systemd-hater camp apparently consist of technical illiterates like you, that they have lost each and every technical argument on all major distros. Ad hominem attacks and poisonous threats and trolling systemd threads are all you can do. Almost all volunteer developers have left the non-systemd camp because of its toxic atmosphere where attacking open source developers and users are as normal as breathing air.

Think about it; the anti-systemd faction couldn't even muster 5 Debian developers to sponsor a GR bill to overturn the technical committees decision of making systemd default init.

The negative, hate-driven anti-systemd campaign have resulted in that 100% of all commercial general Linux distros and most of the community driven distros are behind systemd and are supporting it. Talk about a losing campaign strategy.

Yes, I know what I am talking about since I both use systemd and have read the systemd documentation. This is unlike you and the rest of the toxic systemd-haters who only repeat the party line as regurgitated by loony blogs, but hasn't bothered reading even the systemd man-pages.

systemd really is rock solid and amazingly secure by default. The fact that it uses "namespaces", "cgroups" and "capabilities" to protect long running system daemons, is far superior to what any other non-systemd distro have to offer.

While the systemd-haters are still wasting time trolling systemd-threads, their non-systemd distros slowly whither away by complete lack of development. But then again, does anybody actually care?

Coward!

Yes, the journal really is brilliant. It just solves so many decade old logging Linux problems, and make hard stuff very easy.

I was sceptical about binary log files when I first heard about it, but just playing around with "journalctl" for 10 minutes convinced me wholly.

You are just talking bullshit here. I have been using systemd for +4 years now and it has been rock stable.
Besides, systemd systems are so much nicer to debug than distros glued together with shell scripts.

Just the fact that you can have full logging and the systemd tools working from initramfs is a vast improvement, and the systemd journal beats all other Linux logging options by a huge distance; field based filtering and monotonic timestamps are just great when debugging boot problems.

Being able to do a "journalctl -b -1 -p err" is so much better than faffing around with grep and regex. (the line shows all log entries from the previous boot with the syslog severity level "error" and above, try that with grep!).

You are seriously misinformed here; systemd provides a sNTPv4 client, not a ntp-server. It is a compile time option, so no distro ever needs to use it instead of their preferred sNTP-client. It is included in the systemd project for two main reasons; clock-less ARM boards and OS containers. Both have special timing needs since eg. an OS container can be "frozen" and "unfrozen" without warning. systemd provides them both with a solution so they don't gets confused by time jumps.

But perhaps you think choice is bad and there are too many sNTP clients so systemd developers should be banned from providing one?

Like what? systemd have extremely few external dependencies. And don't try the provable falsehood that systemd inserts "hard dependencies" in other projects like Gnome/KDE.
That Gnome have had problems supporting non-systemd distros was because those distros didn't care to maintain ConsoleKit. Gnome kept on supporting CK despite it having been abandoned for +1½ year with no upstream to provide bug-fixes or security fixes.

But thanks to systemd, there are now several alternatives to ConsoleKit. Choice is good.

Again, you are really misinformed here; how can systemd ever make it harder for non-systemd distros that are using mdev or vdev or eudev?

If a non-systemd distro wants to use unpredictable network names they can do so.
With systemd distros here is how you turn off predictable network interface names:
http://www.freedesktop.org/wik...

Again, thanks to systemd the Linux ecosystem went from just having udev and mdev, to also having eudev and vdev and probably several more. So if you like choice, praise systemd for providing it.

Not necessarily. The alternative to no laws isn't bad laws.

As it is now companies can spew out insecure products with impunity and even silently drop any security support for devices consumers have just bought, not forgetting the classic tactic of not acknowledging security problems and just plain ignoring them. This can't go on.

Really, there ought to be some sensible minimum standards for commercial products that can be connected to the internet. This could include that the company had a decent policy for security fixes and a published contact point for people reporting such problems.

And how about a pre-published, minimum security support length, so that people buying a smartphone/router/etc. will know in advance how many years it will be supported with security fixes. There are "use by" dates on food, why not on all internet connected devices.

Yeah, I even found a man page that list all the man pages : "man systemd.index" and a index for all unit directives "man systemd.directives" with cross-references to the relevant man pages. Really useful stuff that shows the developers cares about end users.