A Powerful Logs Management Solution We All Have and Use but We Underestimate: systemd-journal

Thursday, 31 October, 2024 - 11:45-12:05 GMT

Costa Tsaousis, Netdata

Abstract: 

This talk aims to unearth the potent features of systemd-journal that have remained mostly underutilized and largely underappreciated within the SRE community. The focus will be on its ability to handle dynamically structured log entries, its inherent support for centralized logging, and its robust security features including log sealing.

Systemd-journal offers dynamic field management, allowing flexible log annotation and querying without predefined schemas, along with decentralized log management that enables seamless analysis across systems. Its sealing feature ensures log integrity, critical for incident response and forensics. There’s a tooling gap for converting plain logs into structured entries; however, we will show examples of how this can be achieved.

Costa Tsaousis is the Founder and CEO of Netdata. Since 1995, Costa has been actively working on internet-related startups. He has been a co-founder and C-level executive of many successful projects, including Internet Service Providers, Cloud Hosting Providers and Fintech startups. With a passion for innovation and open source, he now leads Netdata, a monitoring solution aiming to simplify and modernize infrastructure observability for all of us.

BibTeX
@conference {302175,
author = {Costa Tsaousis},
title = {A Powerful Logs Management Solution We All Have and Use but We Underestimate: systemd-journal},
year = {2024},
address = {Dublin},
publisher = {USENIX Association},
month = oct
}
