On 2025-12-12 at 14:31, Roy J. Tellason, Sr. wrote: > On Thursday 11 December 2025 10:24:21 pm The Wanderer wrote: > >> That's certainly one of the major aspects of the reasons I don't >> care for the systemd ways of doing logging. I recognize that they >> have their advantages, and that there are good reasons people went >> to the trouble of implementing them; I just don't think those >> advantages outweigh the proprietariness-or-something-similar >> disadvantages, in most cases. > > I'd be interested in hearing what those advantages are. > > I keep bumping into things that are major changes away from what I'm > used to and understand, and the first thing that comes to mind for > me is "Why?"... To be clear, I'm not intimately familiar with them; I don't use systemd myself, and there are multiple reasons for that. My understanding, however, is that they include: * Faster sorting, filtering, et cetera (because the entries are stored compactly and in structures designed for such purposes). * More powerful / flexible filtering capabilities (because things are sorted into fields already, and you can filter on those fields natively, rather than needing to parse them out). * No (or less) need to do complex parsing of input in order to split the logs into the relevant fields, because they're already split that way in the storage format (and the associated internal data structures). For example, if you want to sort a plain-text log by timestamp, you need to parse the entries in such a way as to narrow down exactly which part of the entry contains the timestamp, then arrange to sort the entries according to that part without mixing up any of the rest of the parts (dropping some bits of them, or inadvertently extending the sorting to include non-timestamp parts of the entry, or...). If you want to sort *multiple* logs together that way (so you can see how events from two different sources, logged in two different files, correlate), the job becomes even harder, since they might not be formatted the same way; they might use different timestamp syntax, and/or put the timestamps in different parts of the entries. Having the timestamp be a separate field in a binary data structure, rather than part of a text stream that needs parsing, facilitates doing that sort of thing a lot more easily and reliably. I don't know if there's any more to it than that, but I gather that that is, in the minds of many people, easily enough to make the difference. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Attachment:
signature.asc
Description: OpenPGP digital signature