Bug 1168956
Summary: | [RFE] Send logs to journald | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Kosek <mkosek> |
Component: | httpd | Assignee: | Luboš Uhliarik <luhliari> |
Status: | CLOSED DEFERRED | QA Contact: | BaseOS QE - Apps <qe-baseos-apps> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.1 | CC: | fweimer, jkaluza, jorton, jpazdziora, ohudlick, pvoborni |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-07-13 15:05:50 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 963620 | ||
Bug Blocks: |
Description
Martin Kosek
2014-11-28 14:09:02 UTC
We could backport this feature, but there's big performance hit when logging anything except error_log with LogLevel warn to journald. See Bug 963620. Note that even for high LogLevel, this could make DoS attacks easier for an attacker who would generate requests which would trigger per-request error in the error_log. For FreeIPA centralized logging capabilities, it would be very useful to send all logs in structured format, i.e. both access log and error log. Then the logs could be sent as JSON to some central ELK-like log processing node without additional parsing rules that would make the text->structure conversation on the server side. The performance gap of course limits the usability greatly on affected systems. However, I still think it would make sense to have an opt-in support for it so that people interested in journald logging and which do not have that big load may switch it on. The benefit here would be that it would be another use case missing in journald and that put some weight on Jan's patches. That said, I do not see that change as high priority for next minor RHEL release if you are out of resources, but I still see it as useful forward looking addition. We can keep this open but ultimately nothing is going to happen here unless somebody puts some effort on the journald/kernel-side performance stuff (SCM_CGROUP). Unless this is going to be set as a priority for fixing across journald & the kernel, we're not to address this in httpd. |