:: Re: [DNG] ..forensics on systemd or…
Página Principal
Delete this message
Reply to this message
Autor: Aldemir Akpinar
Data:  
Para: dng@lists.dyne.org
Assunto: Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?
> That's routine. Few readers read everything that can be read. For example,
> look at postgres. Its binary file format reveals quite a bit more than you
> can get using psql, and by design: The writer and binary format are
> intended for storing things quickly and reliably, and the reader for
> reading what was stored. Anything that's in the file but wasn't stored by
> instruction of an SQL user is uninteresting to psql, and the file format
> writer has no particular reason to avoid storing other information.
>
> If you really want to look at the details in postgres, you can take a good
> guess at whether two rows were inserted at the same time or one later than
> the other.
>
> That's why forensics people use the files. Systemd is about the millionth
> system to join the club. Flame postgres and vast numbers of others before
> you flame systemd. Or better yet, limit your statements about systemd to
> what's correct.
>
> Arnt
>


Could you elaborate why are you comparing a relational database system
where its files must be binary with a logging system where its files
doesn't need to binary?

--
aldemir