|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: yet another idea about /etc/security
From: Robert Watson (robert
cyrus.watson.org)Date: Sat Feb 05 2000 - 19:26:01 CST
- Next message: Ed Bardsley: "Re: yet another idea about /etc/security"
- Previous message: Matt Heckaman: "Re: yet another idea about /etc/security"
- In reply to: Garrett Wollman: "Re: yet another idea about /etc/security"
- Next in thread: Igor Roshchin: "Re: yet another idea about /etc/security"
- Next in thread: Garance A Drosihn: "Re: yet another idea about /etc/security"
- Next in thread: Ed Bardsley: "Re: yet another idea about /etc/security"
- Reply: Robert Watson: "Re: yet another idea about /etc/security"
- Reply: Igor Roshchin: "Re: yet another idea about /etc/security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, 5 Feb 2000, Garrett Wollman wrote:
> <<On Sat, 5 Feb 2000 18:04:08 -0500, Garance A Drosihn <drosihrpi.edu> said:
>
> > I'll skip the solution suggested, since I am not comfortable
> > with some of the issues which it might run up against...
>
> I think the ``right'' solution is to simply specify that all syslog
> files get rotated daily, using an T00 specification in
> newsyslog.conf, and if people want a longer history, the can easily
> specify the number of files in rotation.
I agree entirely. The different log rotation lengths are a nightmare from
a script analysis perspective, and lead to inconsistencies between systems
where the (almost requisite) local customization has taken place. Having
a 24-hour log rotation makes sense for most applications (both rapid-fire
apps, such as anonymous ftp, mail, pop, and also less-overloaded ones).
There are a few exceptions, though, such as lastlog where a long-term
record is useful, and also web servers, where aggregating longer periods
of time is more useful for analysis. Moving to a more consistent way of
locally modifying log behavior through changing the number of back logs,
not cycles, seems like a logical move.
There are a couple other changes I'd like to see in /etc/syslog.conf,
including some commented out sample entries, such as:
# uncomment this to log to a remote loghost
#*.* loghost
# uncomment this to log all system messages in high detail
#*.* /var/log/all.log
with a corresponding entry in newsyslog.conf. This will make features
such as these more accessible to those with less experience, and suggest
the use of these features, since we have them :-).
Another thing that might be good would be to have ports use syslog log,
where possible (not web servers, but things like samba, which can log to
syslog but don't by default). Our syslog/newsyslog setup can handle
rotation and reasonable volume logging, which is one reason many programs
don't use it.
Robert N M Watson
robertfledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Ed Bardsley: "Re: yet another idea about /etc/security"
- Previous message: Matt Heckaman: "Re: yet another idea about /etc/security"
- In reply to: Garrett Wollman: "Re: yet another idea about /etc/security"
- Next in thread: Igor Roshchin: "Re: yet another idea about /etc/security"
- Next in thread: Garance A Drosihn: "Re: yet another idea about /etc/security"
- Next in thread: Ed Bardsley: "Re: yet another idea about /etc/security"
- Reply: Robert Watson: "Re: yet another idea about /etc/security"
- Reply: Igor Roshchin: "Re: yet another idea about /etc/security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]