(Sorry for the crosspost, but I want to get as much coverage as possible)

First off, thank you everyone for responding! It's given me some food for
thought, and I also found a lot of errors in what I thought would be best.

Anyway, I've compiled a rough "wishlist" here, listing what people (including
me) generally request. The reason for this is to get a discussion started, so
we can all have the most efficient (and secure) logging possible. Please
comment (if you wish) on the points noted here, but don't feel restricted to
only those - I'm more than willing to consider other features...

Here it goes:
o One log with everything (like /var/log/syslog)
o Authentication log (/var/log/auth.log)
o Non-important stuff in separate logs (/var/log/<service>.{info,warn,err})
o Human-readable date&time
o Machine-processible (ie, fixed field widths, like now)
o High-precision date/time (TAI64?)
o Docs + inclusion in the "Securing Debian Manual"
o /secure/ remote-logging (ie, crypto)
o Fallback log (ie, if something gets missed, it is logged to e.g.
/var/log/missed)
o Permission checking (?)
o Running as non-root
o Encrypted logs (Compressed?)
o User-defined facilities (ie, firewall.info, xfree.err)

After reading through the features which people would like to see, it seems
to me that there is really a need for something else besides sysklogd. What I
really want to know is, why is syslog-ng and/or msyslog not more widely used?
What do they lack? Compatibility and security are the only points I can see
where they might not qualify as a total replacement.

With that in mind, I've been considering making my own logger. Is this a good
idea? I've considered it a bit, and thought it would be best to start with
the current sysklogd source, and make small, tested changes to be sure that
it's still safe & working. What do people think of this?

So, anybody want to jump in and make some comments? Even if you think it's
trivial what you have to say, please do so anyway. If you feel it's not worth
everybody's mailbox, just mail me personally. Think of it as a poll :)

And also, if "the people" think it's a good idea with a new syslogger, then
there's the all-important question of the project name. Ideas are welcome :)

Yours truly
Kenneth Vestergaard Schmidt