Czanik@BalaBit

CzP about syslog-ng, music and everything

Brno: Fedora, CEE, journal and syslog-ng

Wednesday, February 22, 2012 @ 12:02 PM Author: Peter Czanik

Last week the Brno Red Hat office hosted two conferences: a small one about logging and the Fedora Developer conference. While our focus was on logging, we also attended part of the Fedora conference and listened to some great presentations.

The logging miniconf covered some very hot topics: CEE ( http://cee.mitre.org/ ), journal ( http://0pointer.de/blog/projects/the-journal.html ), auditd ( http://people.redhat.com/sgrubb/audit/index.html ) and some lesser known projects, like ELAPI ( https://fedorahosted.org/ELAPI/ ).

CEE is an emerging standard that describes events as a set of name-value pairs and defines how this information is shared. At its core is a set of common name-value pairs that describe basic parameters of base operating system events, with syslog as the transport mechanism. But it is easy to extend it to describe just about anything, or to add other means of transport or representation.

Journal is a brand new way of logging on local machines, with a new binary file format that can store not just simple text messages but also name-value pairs, without the need to maintain a database server. This fits well into the world of syslog-ng, as it has used name-value pairs internally for ages and is considered mostly an advanced log processor and central logger rather than something to be installed on all desktop machines.

After the presentations we were supposed to go back to our hotels and check e-mails before dinner. We did not do this, and had the most fruitful discussions of the day, where the small parts discussed during the presentations combined into a whole new conclusion. Bazsi made a nice diagram about it on the board: many different information sources on one side, syslog(-ng) in the middle as information processor, and many different output possibilities (databases, journal, etc.).

The next day we attended the first day of the Fedora Developer conference ( http://fedoraproject.org/wiki/DeveloperConference2012 ), where we visited some system- and security-related presentations. Miloslav Trmac talked about secure programming, and I really hope that the video of his presentation will be published, as it’s something all developers should be aware of. Steve Grubb talked about different standards affecting Linux security development. Next, Lennart Poettering & Kay Sievers presented some best practices about creating systemd services. While as a FreeBSD user I always have some doubts about Linux-only projects, it was a very worthy presentation, as I gathered some fresh ideas to be used in my openSUSE syslog-ng package! The last presentation we could attend before running to catch our train was from Rainer of rsyslog.
