Bug 1168956

Summary: [RFE] Send logs to journald
Product: Red Hat Enterprise Linux 7 Reporter: Martin Kosek <mkosek>
Component: httpdAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED DEFERRED QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.1CC: fweimer, jkaluza, jorton, jpazdziora, ohudlick, pvoborni
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-13 15:05:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 963620    
Bug Blocks:    

Description Martin Kosek 2014-11-28 14:09:02 UTC 
Description of problem:

Instead of writing the debug logs directly to the disk, it is possible to send them to journald, on platforms where journald is available.

The biggest benefit is that the debug logs are structured, so it's possible to decorate the debug messages with key/value pairs and later query based on these extra fields.

This feature is a required so that FreeIPA project can implement additional log processing or auditing capabilities. See upstream ticket for details: ​https://fedorahosted.org/freeipa/ticket/4296.
Comment 1 Jan Kaluža 2015-02-18 08:24:59 UTC 
We could backport this feature, but there's big performance hit when logging anything except error_log with LogLevel warn to journald. See Bug 963620.
Comment 3 Jan Kaluža 2015-04-29 09:09:12 UTC 
Note that even for high LogLevel, this could make DoS attacks easier for an attacker who would generate requests which would trigger per-request error in the error_log.
Comment 5 Martin Kosek 2015-05-05 09:59:40 UTC 
For FreeIPA centralized logging capabilities, it would be very useful to send all logs in structured format, i.e. both access log and error log. Then the logs could be sent as JSON to some central ELK-like log processing node without additional parsing rules that would make the text->structure conversation on the server side.

The performance gap of course limits the usability greatly on affected systems. However, I still think it would make sense to have an opt-in support for it so that people interested in journald logging and which do not have that big load may switch it on. The benefit here would be that it would be another use case missing in journald and that put some weight on Jan's patches.

That said, I do not see that change as high priority for next minor RHEL release if you are out of resources, but I still see it as useful forward looking addition.
Comment 8 Joe Orton 2017-02-07 08:58:31 UTC 
We can keep this open but ultimately nothing is going to happen here unless somebody puts some effort on the journald/kernel-side performance stuff (SCM_CGROUP).
Comment 10 Joe Orton 2017-07-13 15:05:50 UTC 
Unless this is going to be set as a priority for fixing across journald & the kernel, we're not to address this in httpd.