Deutsch English Français Italiano |
<vqpsct$234iu$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!weretis.net!feeder9.news.weretis.net!news.quux.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail From: John McCue <jmccue@qball.jmcunx.com> Newsgroups: comp.os.linux.misc Subject: Re: More systemdCrap Date: Tue, 11 Mar 2025 17:37:33 -0000 (UTC) Organization: A noiseless patient Spider Lines: 41 Message-ID: <vqpsct$234iu$1@dont-email.me> References: <vqn41l$1efis$1@dont-email.me> <vqna2v$1fks2$1@dont-email.me> <vqnbm7$1g56j$1@dont-email.me> <gjo3alxe38.ln2@Telcontar.valinor> <vqnja1$1hrbi$1@dont-email.me> <rq44alxv4u.ln2@Telcontar.valinor> <20250310152856.00004b5a@gmail.com> <vqoqfk$1s78c$3@dont-email.me> <h8m5alx305.ln2@Telcontar.valinor> Reply-To: jmclnx@SPAMisBADgmail.com Injection-Date: Tue, 11 Mar 2025 18:37:34 +0100 (CET) Injection-Info: dont-email.me; posting-host="b8a52e2e891bc8ac285447f3748052cf"; logging-data="2200158"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/vAm8v9JuFbvOBFhWtmLyi" User-Agent: tin/2.6.3-20231224 ("Banff") (OpenBSD/7.6 (amd64)) Cancel-Lock: sha1:Nv8bmqbzUI0wQk4Vev/LLY7qgU8= X-OS-Version: OpenBSD 7.6 amd64 Bytes: 2790 Carlos E.R. <robin_listas@es.invalid> wrote: > On 2025-03-11 08:58, The Natural Philosopher wrote: >> On 10/03/2025 22:28, John Ames wrote: >>> On Mon, 10 Mar 2025 23:14:19 +0100 >>> "Carlos E.R." <robin_listas@es.invalid> wrote: >>> >>>> Nothing is broken, it has been intentionally designed this way >>> >>> Okay, sure - but that design is stupid. >>> >> Exactly. >> >> Journalctl should be able to take the One True Logfile and scan it, >> rewriting items to be retained and discarding items to be deleted . >> > Nope. > > That's manipulating information and has legal implications. Yes, > that's the intentional reason why systemd refuses to do it. I thought of this after I posted about the journal being a database of sorts. And yes, if this really worked it would make a lot of sense. But a person wanting to hide something would just delete all the log files and have done with it, not take the time to look for a specific entry. In anycase, to me the best way to save log data is to mirror it on a server only trusted people have access to, syslog can do this. I remember people asked for this with journald and the response was to somehow pipe the data from journald into syslogd and that would mirror it. Also if entries are removed from the journal, a log on the remote system could be added stating "this entry was deleted by ? on ?". But maybe the design makes this too hard. -- [t]csh(1) - "An elegant shell, for a more... civilized age." - Paraphrasing Star Wars