
Re: Different logging formats, standardization...

Erich Schubert wrote:


> The LSB doesn't say anything about logging, does it?
> I think that should be added and standardized there...

Syslog is a POSIX standard. I guess the LSB has something to say about POSIX. :-)

> But Debian could define and publish such a standard, then submit patches
> to upstream to have them support this standard.

"Hey. Here's a PATCH for your program that'll make it use Debian SuperSyslog. Red Hat? Nah, they still use syslog. Hello? Hello?"

> If logcheck wouldn't require a _lot_ of manual tweaking for your system
> to do any benefit, it could be a more useable security tool.
>
> I know that I can redirect different syslog-severities to different
> files; but that severity is not fine grained enough IMHO, and not used
> enough by the applications.
> Especially applications could need a standard way to highlight messages
> that mean security violations and attacks onto services.

All is not lost though. I'm writing a wizzy logging API at the moment. The design can be expressed as a directed graph of processing nodes and stream arcs. Nodes can be filters, message sinks such as files, syslog, sockets and anything else you can think of. Streams can be file descriptors, network connections, in-memory transfers etc. I'm trying to be uber flexible (cf. log4j which is designed to be efficient). There might be a drawback for you though; I'm writing it in Ada and I can't see how to write a C binding for it. :-O

Anyway with this API you could write applications which log to syslog and another file which has information more suitable for logcheck. Then you just have to persuade application authors to use it.

"Hey. Here's a PATCH for your program that'll make it use gblf. Sure, it'll still log the same messages to syslog but you can also use it to [insert long list of planned features here]. Red Hat, sure. Hell it even runs on winders. Hello. Hello?" :-)


> (actually I'd like that grepped out of the log and mailed
> to me, like logcheck does)

Added to my planned features list. User feedback before I have users. Cool!

Chris Moore
Sig pending!
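
The node-and-arc design described in this message, as an added sketch that is not part of the original post and is not the author's Ada API: one source fans out to a syslog-style sink and, through a filter, to a second sink holding only records flagged as security events, which is the feed a logcheck-style tool would want. It is written in Python; every name (`Record`, `Node`, `Filter`, `Sink`, `demo`, the `security` flag) is hypothetical, and lists stand in for the file and syslog streams.

```python
from dataclasses import dataclass
from typing import Callable, List

@dataclass
class Record:
    app: str
    severity: str           # syslog-style severity name
    text: str
    security: bool = False  # assumed explicit flag for security events

class Node:
    """Processing node; arcs to downstream nodes are in-memory calls."""
    def __init__(self):
        self.out: List["Node"] = []
    def to(self, *nodes: "Node") -> "Node":
        self.out.extend(nodes)
        return self
    def emit(self, rec: Record) -> None:
        for node in self.out:
            node.emit(rec)

class Filter(Node):
    """Forwards a record only when the predicate accepts it."""
    def __init__(self, pred: Callable[[Record], bool]):
        super().__init__()
        self.pred = pred
    def emit(self, rec: Record) -> None:
        if self.pred(rec):
            super().emit(rec)

class Sink(Node):
    """Terminal node; a list stands in for a file, socket or syslog."""
    def __init__(self, fmt: Callable[[Record], str]):
        super().__init__()
        self.fmt, self.lines = fmt, []
    def emit(self, rec: Record) -> None:
        # Escape newlines so one record can never forge a second log line.
        self.lines.append(self.fmt(rec).replace("\n", "\\n"))

def demo():
    syslog = Sink(lambda r: f"{r.app}[{r.severity}]: {r.text}")
    alerts = Sink(lambda r: f"SECURITY {r.app}: {r.text}")
    source = Node().to(syslog, Filter(lambda r: r.security).to(alerts))
    # Constructed sample records, not real log data.
    source.emit(Record("sshd", "info", "session opened for user alice"))
    source.emit(Record("sshd", "warning", "failed login\nfake[info]: ok", security=True))
    source.emit(Record("cron", "info", "job finished"))
    return syslog.lines, alerts.lines
```

Because the security flag is set by the application instead of being inferred from message text, the alert sink needs no per-system pattern tuning.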
