
Followup: Syslog



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(Sorry for the crosspost, but I want to get as much coverage as possible)

First off, thank you everyone for responding! It's given me some food for 
thought, and I also found a lot of errors in what I thought would be best.
Anyway, I've compiled a rough "wishlist" here, listing what people (including 
me) generally request. The reason for this is to get a discussion started, so 
we can all have the most efficient (and secure) logging possible. Please 
comment (if you wish) on the points noted here, but don't feel restricted to 
only those - I'm more than willing to consider other features...

Here it goes:

o One log with everything (like /var/log/syslog)
o Authentication log (/var/log/auth.log)
o Non-important stuff in separate logs (/var/log/<service>.{info,warn,err})
o Human-readable date&time
o Machine-processable (i.e., fixed field widths, like now)
o High-precision date/time (TAI64?)
o Docs + inclusion in the "Securing Debian Manual"
o /secure/ remote-logging (i.e., crypto)
o Fallback log (i.e., if something gets missed, it is logged to e.g. /var/log/missed)
o Permission checking (?)
o Running as non-root
o Encrypted logs (Compressed?)
o User-defined facilities (i.e., firewall.info, xfree.err)

After reading through the features which people would like to see, it seems 
to me that there is really a need for something else besides sysklogd. What I 
really want to know is, why is syslog-ng and/or msyslog not more widely used? 
What do they lack? Compatibility and security are the only points I can see 
where they might not qualify as a total replacement.

With that in mind, I've been considering making my own logger. Is this a good 
idea? I've considered it a bit, and thought it would be best to start with 
the current sysklogd source, and make small, tested changes to be sure that 
it's still safe & working. What do people think of this?

So, anybody want to jump in and make some comments? Even if you think it's 
trivial what you have to say, please do so anyway. If you feel it's not worth 
everybody's mailbox, just mail me personally. Think of it as a poll :)

And also, if "the people" think it's a good idea with a new syslogger, then 
there's the all-important question of the project name. Ideas are welcome :)


Yours truly

Kenneth Vestergaard Schmidt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjrXePQACgkQDoYBnf2u3ClpEgCdE0yIaKciVvRrXO0NPpdznFYh
uygAni+LWrS3QP7mBAFmV1bv7C0ezqSw
=PbVU
-----END PGP SIGNATURE-----


