Erich Schubert wrote: <snip>
Syslog is a POSIX standard. I guess the LSB has something to say about POSIX. :-)The LSB doesn't say anything about logging, does it? I think that should be added and standardized there...
"Hey. Here's a PATCH for your program that'll make it use Debian SuperSyslog. Red Hat? Nah, they still use syslog. Hello? Hello?"But Debian could define and publish such a standard, then submit patches to upstream to have them support this standard.
All is not lost though. I'm writing a wizzy logging API at the moment. The design can be expressed as a directed graph of processing nodes and stream arcs. Nodes can be filters, message sinks such as files, syslog, sockets and anything else you can think of. Streams can be file descriptors, network connections, in memory transfers etc. I'm trying to be uber flexible (cf. log4j which is designed to be efficient). There might be a drawback for you though; I'm writing it in Ada and I can't see how to write a C binding for it. :-OIf logcheck wouldn't require a _lot_ of manual tweaking for your system to do any benefit, it could be a more useable security tool. I know that i can redirect different syslog-severities to different files; but that severity is not fine grained enough IMHO, and not used enough by the applications. Especially applications could need a standard way to highlight messages that mean security violations and attacks onto services.
Anyway with this API you could write applications which log to syslog and another file which has information more suitable for logcheck. Then you just have to persuade application authors to use it.
"Hey. Here's a PATCH for your program that'll make it use gblf. Sure, it'll still log the same messages to syslog but you can also use it to [insert long list of planed features here]. Redhat, sure. Hell it even runs on winders. Hello. Hello?" :-)
<snip>
Added to my planned features list. User feedback before I have users. Cool!(actually i'd like that grepped out of the log and mailed to me, like logcheck does)
Chris Moore Sig pending!