Interesting discussion taking place in a r/joborun thread about building syslog-ng without systemd and telemetry!

What is interesting is that the author of syslog-ng took notice of the article and responded himself defending his choice.

This may continue so visit the link directly but here are the first two responses to the article:

https://www.reddit.com/r/joborun/comments/16x7u8o/users_of_syslogng_beware_telemetry_is_coming_not/
users of syslog-ng beware …. telemetry is coming! Not from skarnet

We updated syslog-ng to 4.4.0 to match Arch and noted they added grpc as dependency which is automatically used by the syslog-ng build.

extra/grpc 1.58.1-1

High performance, open source, general RPC framework that puts mobile and HTTP/2 first.

If you attempt to build with grpc the build fails due to lack of lib-systemd of specific version and newer. So we took a look at this grpc contraption and it involves googleapis among other good things like several uses of systemd utilities.

TELEMETRY popped its ugly head again, Due to conditioning of users to “accept” telemetry as a good thing it is spreading EVERYWHERE!

So Out goes “grpc” functionality from syslog-ng!! –disable-systemd –disable-grpc and go.

jobextra/syslog-ng 4.4.0-01 no systemd no grpc no telemetry no ipv6

The question is whether you can trust such software any more, due to the “innocent” choices they make. Remember the uses and reasons for choosing syslog-ng in the first place.

s6/66 logging abilities are inherent, clean, safe, and accessible

Before some smart##@@@## pops in here to point out the good reasons telemetry is used for, yes, lazy sysadmins who use telemetry on their enterprise to collect data to “improve” ….. COME ON!!! Useless sys-admins who can’t locate whether data is available to the root of the individual system, and can’t write a script to collect such data on booting/shutdown, and audit them centrally, benefit from automated systemd managed telemetry? Don’t expect all things to come from a distro, this is why they are paying you. On the other hand people (users and admins) should become more alert and conscious of such automated but hidden abilities. If you are a sysadmin in an enterprise class network, and you didn’t know this telemetry was built-in, your entire network is at risk, right? Are you getting paid for not knowing?

This is linux/unix, there is no such thing as good telemetry, only a security risk. Go ahead, allow IBM, Google, facebook, Oracle into your systems and trust that they have made the right choices in your favor!

NOT HERE or we will shut this down!

skarnet.org/software/s6/s6-log.html You’re wrong about being as powerful as syslogd: s6-log does not do remote logging.

level 1

bazsi771

syslog-ng author here. I am pretty sure there’s a misunderstanding somewhere. syslog-ng started to use grpc to be able to process OTLP, a protocol often used to deliver logs over a network. It makes sense both to able to consume and send logs via OTLP.

OTLP is the protocol used by the OpenTelemetry project which has nothing to do with usage telemetry of any kind. Telemetry is a new term in this context and it is defined as a combination of logs, metrics and traces.

Apart from that grpc is also used to send data to Loki (a user interface for log data), and online services such as Google BigQuery.

Also, systemd is not a dependency of grpc, syslog-ng integrates with systemd but only if the host OS uses it.

Both of these features can be disabled and neither talks home in any way.

I hope this clears any misunderstanding.

0

 

level 2

joborun

Op

 

Welcome, discussion is always a goal.

Need we reinstate the unix principles of software of doing one thing well and restrict itself in doing just this one thing and not expand into other utilities’ domain? Creating logs for A system and not administering enterprise needs for gathering logs of various systems are as far as I can tell very different objects and goals. But let us not get carried away needlessly, and attend to the environment this discussion is taking place.

FOR HOW LONG HAS SYSLOG-NG had this ability to communicate logs to the sys-admin?

Under what illusion or based on what objective information is a systemd based system “mainstream”, most “popular”, “common”, and a software writer needs to exclude all others to accommodate the needs of such? Media, generally paid to portray this IBM/RH contraption as such dominant force? Forums and social media who under the fake preface “init wars” have managed to block any criticism for systemd and protect those who choose to enforce it? Just look around discussions in r/linux r/debian r/arch or forums of such, and you will see there is no real discussion, as anyone who presented any criticism against that system is gone from the discussion. It is as if all participants agree but carry on a discussion alone.

Distrowatch, who makes money from distros that want to promote themselves, and in number predominantly use systemd, a few years back had a gallop for most popular init/(service manager/supervisor) and not only systemd came 2nd, but its newest competitors (OpenRC, Runit, s6) took more than 60% of the vote. OOoopss.. too late for IBM to silence this contradiction in “illusionary marketing”. What other evidence do we have?

Debian/Arch/Fedora/Linux-kernel.org published repo use counters? Don’t they all receive heavy funding from the same source? What pays for the tickets and luxurious accommodations to worldwide conferences and conventions to present their work? How does debian know when a systemd user is drawing from their repo and it is not devuan or antiX users? They don’t!

Last I checked in syslog-ng .configure -help it doesn’t say

–disable-openrc
–disable-s6
–disable-runit
–enable-systemd
–enable-grpc

By default syslog-ng is tangled up with what pid-eins or phoronix prescribe as a “must”! How many publications does it take for IBM to enforce there is a single choice! I urge you to go into phoronix and search for a single article in the past 10-15 years about runit, openrc, s6, I don’t know about sysv, I never bothered. The single defense of systemd “it is better than sysv because sysv is old” just doesn’t convince anyone I know. I don’t like religious people, can you tell?

In what way do you really think a single user/sys-admin of a single machine, is aware of the abilities those options carry? Same story with many others, KDE/plasma, intel, wacom, readily able to provide the lan/enterprise admin with “data”? Their fault, they should have read the documentation! — passive agressive bipolar disorder crappy defense

No, it is not their fault! It is the distro’s fault for allowing people using linux for years/decades, trusting software such as syslog-ng, catering to IBM-consulting clients and their off-the-street cheap labor as sys-admins, to employ centralized intelligence solutions automation, and suddenly, ONE DAY, they take their personal laptop to work, plug it in to get internet access, and a sys-admin is notified of a battery/ups problem with that machine! Clueless of how such a notice appeared to them. Clueless as to write a small script copied in every machine in the network to send a copy of important logging events at boot and shutdown times.

We build your software, we believe in choice, –disable-systemd and –disable-grpc (although we clearly would have preferred –enable instead) but we also encourage people to look at runit’s socklog, a separate and specific piece of software, or s6-socklog as lighter, smaller, faster, SAFER alternatives. My personal s6-log for dbus shows 3 minute activity in the past 28months, that was a test that it can be activated and logged properly.

PS If you don’t know your system has a certain ability, and such ability can be utilized by your trusty sys-admin who always offers you candy when visited, that same ability can be exploited in any network you can plug into. If it CAN be exploited, it will! It is much easier to CHOOSE and make conscious effort to SEND DATA, than to allow generally others to OBTAIN DATA from you, less consciously. Some of us choose to cater to end-users and some of us cater to top-end funders and clients. Guess which kind joborun falls into.

PS2 Just don’t take the candy, you never know what it is paying for!