Post AwClKMoebeNP3NNsCe by x_cli@infosec.exchange
(DIR) More posts by x_cli@infosec.exchange
(DIR) Post #Aw2Z0hOkxJmi84Q8EC by playit@fediverse.dotslashplay.it
2025-07-12T00:18:08Z
0 likes, 0 repeats
It’s time to leave rsyslog behind: https://www.rsyslog.com/rsyslog-goes-ai-first-a-new-chapter-begins/Even if they go back on that, it’s proof enough that they can not be trusted. Not now, not ever. No critical piece of a system should rely on people who believe in the LLM illusion.Sadly all of ./play.it infrastructure is currently relying on rsyslog for centralised logging management. If you use something else, and are happy with it, suggestions are welcome.Right now our top candidates for a replacement are:- syslogd, the original one- syslog-ng (it seems powerful, but its documentation is awful)Our needs are very basic, mostly we want to be able to tell the logging system to store logs in specific paths based on the process name, like sending rspamd logs to /var/log/mail/rspamd.log or unbound logs to /var/log/network/unbound.log.Logs rotation is already handled by logrotate, so we do not need the syslog daemon to include the ability to handle that itself.Being packaged in Debian is a non-negotiable requirement.
(DIR) Post #Aw2Z0iMJNtQJ6mHh3Y by playit@fediverse.dotslashplay.it
2025-07-12T00:24:41Z
0 likes, 1 repeats
The "LLM illusion" is when you look at something like this: https://www.rsyslog.com/what-to-do-when-an-external-script-does-not-work/And think: « Yes, that’s all good, this image looks exactly like what a real illustrator would have done. I see no problem at all with it. »It’s when you get trapped into the illusion of coherence that the LLM produce, and start to believe their output makes actual sense.It’s when you spent too much time exposed to marketing bullshit, and are no longer able to remember what actual intelligence looks like. You are no longer looking at words forming sentences but at word-like shapes mimicking the real thing, but you can no longer tell the difference.
(DIR) Post #Aw2ZN9HRyH2gyVhx68 by lanodan@queer.hacktivis.me
2025-07-12T00:30:18.217339Z
0 likes, 0 repeats
@playit syslogd as in https://packages.debian.org/sid/inetutils-syslogd or sysklogd (BSD-based, where syslog originally comes from) ?
(DIR) Post #Aw2aizEK7R6O84Dqt6 by playit@fediverse.dotslashplay.it
2025-07-12T00:39:24Z
1 likes, 0 repeats
The one I had in mind is inetutils-syslogd, not sysklogd as this last one does not seem to be available from the Debian archive.
(DIR) Post #Aw3v0Ncis0E2wsAMQC by lanodan@queer.hacktivis.me
2025-07-12T16:07:19.093032Z
0 likes, 0 repeats
@TheOneDoc @playit Is it a syslog daemon though, just has to write logs lines into a file or into a socket for another syslog program, the end.Meanwhile rsyslog and syslog-ng end up with updates all the time because they have modules for everything that can somewhat deal with logs instead of separated utilities. (And that's with them running as root and being network facing…)
(DIR) Post #AwClKMoebeNP3NNsCe by x_cli@infosec.exchange
2025-07-15T14:40:56Z
0 likes, 0 repeats
@playit I heard a lot of great things about Vector (https://vector.dev/) and I had plans to use it in my previous job before I quit.Vector is featureful and the documentation is great.
(DIR) Post #AwClKNVY2AghCPS83s by playit@fediverse.dotslashplay.it
2025-07-16T22:06:30Z
0 likes, 0 repeats
Vector is much too big and "featureful" compared to our needs.We want a daemon writing logs in plain text files, not a « complete, end-to-end platform » that is used for « building observability pipelines » ;)
(DIR) Post #AwClKO4dvglCxFs9lQ by playit@fediverse.dotslashplay.it
2025-07-16T22:12:40Z
1 likes, 0 repeats
PS: Thanks for the suggestion anyway, other people reading this thread might have some real need for such a tool.CC: @x_cli@infosec.exchange
(DIR) Post #AwClNfqWJEg0wWpl4a by playit@fediverse.dotslashplay.it
2025-07-13T15:58:34Z
0 likes, 0 repeats
People who care about logging daemons on Debian are welcome to join the new #debian-logging IRC channel, on OFTC.The goal of this channel is to start a new team inside Debian, focused on the packaging and maintenance of logging daemons. That would include the writing of documentation on Debian Wiki to help administrators chose the right daemon according to their needs.A more formal announcement about the creation of this new team (and to gauge actual interest in it) is planned to be sent to the debian-devel mailing list right after the ongoing DebConf25.
(DIR) Post #AwClNh69eamEpJ9l56 by staudey@mastodon.social
2025-07-15T18:52:52Z
0 likes, 0 repeats
@playit Wow, that is comically bad. I had expected something at least halfway decent.
(DIR) Post #AwClNhwyUD1nT7rwPY by playit@fediverse.dotslashplay.it
2025-07-16T22:11:49Z
1 likes, 0 repeats
LLM output can pass as "halfway decent", but only when you have no real knowledge of the topic it is generating pseudo-text about. Otherwise it is really hard to be tricked by it.This is why the current situation is really worrying about not only rsyslog development, but about rsyslog developer too. If they have fallen for the LLM illusion, it means they no longer understand what they used to work on.Maybe people warning about brainrot following LLM usage were right… (or maybe it’s more cynical than that, and rsyslog developer smelled the money that can be made from using words like "AI first")