
List:       annvix-dev
Subject:    Re: [dev] more secure Syslogd replacements.
From:       Charlie Brady <charlieb-annvix () budge ! apana ! org ! au>
Date:       2004-07-30 14:50:20
Message-ID: Pine.LNX.4.44.0407301009220.16037-100000 () e-smith ! charlieb ! ott ! istop ! com


On Thu, 29 Jul 2004, Mason Schmitt wrote:

> On July 29, 2004 01:22 pm, Charlie Brady wrote:
> > I'm already happily using svlogd directly for most stuff (it's like
> > multilog), and socklog teamed with svlogd for legacy stuff (i.e. stuff
> > which expects to use syslog). Are you familiar with multilog and have you
> > looked at socklog?
>
> Not familiar with svlogd at all and I have not used multilog before.  
> If I may ask, what do you like most about the combination?

I mention the combination of "socklog and svlogd", but we should really 
consider the combination of supervise and multilog (or runsv and svlogd, 
Gerrit Pape's versions), with socklog as an additional component.

[For simplicity, since people are more familiar with these particular 
tools, I'll refer to supervise and multilog, although runsv and svlogd do 
almost exactly the same job, and would be my preferred choice.]

The combination of supervise and multilog provides a very well tested,
secure and reliable mechanism for controlling a running process, and
collecting and managing all its stdout and stderr output. The log output
is reliably collected, and can have been produced only by the supervised
process (or perhaps its descendants), which pretty much solves the log
repudiation problem referenced earlier in this thread.

syslog only survives for legacy logging - for processes which still use
the old syslog model. socklog is an alternative syslogd implementation,
which is effectively minimal. Minimal is good, for reliability and
security reasons. All socklog does is suck messages from /dev/log, rewrite
priority and level tags, and write to stdout. The rest of syslogd
functionality is provided by supervise and svlogd.

---
Charlie
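
An added example, not part of the message above and not socklog's own code: a Python sketch of the step the message describes, reading syslog datagrams from a Unix socket, rewriting the numeric `<PRI>` tag as `facility.level:`, and writing one line per message to stdout for a supervised logger to collect. The output format, the fallback name `facilityN`, and the replacement of control characters with `?` are assumptions of this sketch.

```python
import re
import socket
import sys

# Facility and level names as in <sys/syslog.h>; codes 12-15 have no portable name.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog",
              "lpr", "news", "uucp", "cron", "authpriv", "ftp"]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"<(\d{1,3})>")

def facility_name(code):
    if code < len(FACILITIES):
        return FACILITIES[code]
    if 16 <= code <= 23:
        return "local%d" % (code - 16)
    return "facility%d" % code  # assumption: placeholder name for codes 12-15

def rewrite(datagram):
    """Turn one raw syslog datagram into a single 'facility.level: text' line."""
    text = datagram.decode("utf-8", "replace").rstrip("\x00\n")
    # Assumption of this sketch: control characters (embedded newlines included)
    # become '?', so one datagram can never appear as two lines in the log stream.
    text = "".join(c if c.isprintable() else "?" for c in text)
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        return text  # no valid PRI tag: pass the text through unlabelled
    pri = int(m.group(1))
    return "%s.%s: %s" % (facility_name(pri >> 3), LEVELS[pri & 7], text[m.end():])

def serve(path):
    """Bind a datagram socket at `path` (e.g. /dev/log) and log to stdout."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    while True:
        print(rewrite(sock.recv(8192)), flush=True)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        serve(sys.argv[1])
    else:
        # Constructed sample datagrams, not taken from any real log.
        for raw in (b"<38>Jul 30 14:50:20 sshd[411]: session opened\n",
                    b"<13>first line\n<0>forged second line",
                    b"no priority tag here"):
            print(rewrite(raw))
```

Run with a socket path as the only argument under supervise or runsv, its stdout feeds the paired multilog or svlogd process; run with no argument, it prints the rewritten sample lines.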

