
Re: log file full of "-- MARK --"



> Date: Fri, 19 May 2000 19:05:02 +0200
> From: "Sven Burgener" <svenb@bluewin.ch>
> 

> >Never seen this on any other unix system...

> Precisely. What exactly is the reason for syslog to have this "feature"?


I do not know about the author's motives, but I find this feature very
useful. First, when the system crashes, you can always pinpoint the
time of the crash, which is of great help (well, Debian does not crash
:), but faulty hardware, thunderstorms etc sometimes change
this). Second, the first thing any cracker does when getting into your
system is deleting portions of the syslog to cover his traces. This
feature might help to track an unaware script kid (a smarter hacker
can fake the marks, of course, but this is an extra barrier).

Actually I always emulate this feature on non-Linux systems I have by
making a daemon to write something to the syslog every 10 minutes.

-- 
Good luck

-Boris
http://www.plmsc.psu.edu/~boris/
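
Added example, not part of the original message: a checker that uses the marks the way the message describes, reporting every stretch of the log with no entries for longer than the mark interval, which brackets a crash or points at removed lines. The sample log, the host name, the 20-minute interval and the year are constructed assumptions; set the interval to whatever your syslogd or marker daemon actually uses.

```python
from datetime import datetime, timedelta

# Constructed sample in the traditional syslog layout; host and messages are made up.
SAMPLE_LOG = """\
May 19 17:00:01 host1 -- MARK --
May 19 17:20:01 host1 -- MARK --
May 19 17:31:12 host1 sshd[412]: Connection from 192.0.2.10
May 19 17:40:01 host1 -- MARK --
May 19 19:00:01 host1 -- MARK --
May 19 19:05:02 host1 syslogd: restart
May 19 19:20:01 host1 -- MARK --
"""

def parse_time(line, year):
    """Parse the 'Mon DD HH:MM:SS' prefix; classic syslog lines omit the year."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def find_gaps(log_text, mark_interval_min=20, slack_sec=60, year=2000):
    """Return (last_seen, next_seen, gap) for every silence longer than the
    mark interval plus slack. With marks enabled, such a silence means the
    logger was not running (crash, shutdown) or lines were removed later."""
    limit = timedelta(minutes=mark_interval_min, seconds=slack_sec)
    gaps, prev = [], None
    for line in log_text.splitlines():
        try:
            ts = parse_time(line, year)
        except ValueError:
            continue  # skip lines without a parsable timestamp
        if prev is not None and ts - prev > limit:
            gaps.append((prev, ts, ts - prev))
        prev = ts
    return gaps

if __name__ == "__main__":
    for start, end, gap in find_gaps(SAMPLE_LOG):
        print(f"no entries between {start} and {end} ({gap})")
```

A gap only says that entries are absent; a copy of the log forwarded to another host is what lets you tell a crash from an edited file.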


