
List:       syslog-ng
Subject:    Re: [syslog-ng] Syslog-ng log file overwrite
From:       Valdis.Kletnieks () vt ! edu
Date:       2007-03-19 21:41:11
Message-ID: 200703192141.l2JLfBKq021891 () turing-police ! cc ! vt ! edu

On Mon, 19 Mar 2007 18:38:30 BST, Balazs Scheidler said:

> Do you need this information for locally generated messages or messages
> that are received on a network? For local processes it should be
> possible to get the sender's credentials, at least on some of the
> platforms that syslog-ng supports. What platform are you using?

Note that as the Linux LSPP project has found out, "the sender's credentials"
is a very squishy concept indeed.  You already have an (admittedly possibly
forged) process name/number in the message.  The real gotcha is that the vast
majority of the time, you already *know* the answer to this question - if
it's sendmail, or ssh, or any one of the vast flock of daemon processes that
do the majority of logging, it's "root" or "apache" or "cups" or similar.

What you're often more interested in is "The identity of the user on whose
behalf this message was generated".  You already *know* that the message is
from CUPS - what you want to know is which user's print job bombed and caused
the message.
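
The distinction drawn in the message above, as an added example that is not part of the original post: on Linux a log receiver can ask the kernel for the sender's pid/uid/gid with `SO_PASSCRED`, but those values identify the logging process, while the user on whose behalf it logged exists only as unauthenticated text in the payload. The socketpair standing in for `/dev/log`, the function names and the CUPS-style sample message are constructed for illustration.

```python
import os
import socket
import struct

# Linux-only: with SO_PASSCRED set, the kernel attaches a struct ucred
# (pid_t pid; uid_t uid; gid_t gid) to every message as SCM_CREDENTIALS.
UCRED = struct.Struct("iII")


def receive_with_credentials(sock):
    """Return (text, pid, uid, gid); pid/uid/gid are filled in by the kernel."""
    data, ancdata, _flags, _addr = sock.recvmsg(
        4096, socket.CMSG_SPACE(UCRED.size))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            pid, uid, gid = UCRED.unpack(cdata[:UCRED.size])
            return data.decode(), pid, uid, gid
    raise RuntimeError("no SCM_CREDENTIALS attached to the message")


def demo(claimed_user="alice"):
    """Send one constructed log line and compare kernel facts with its text."""
    # Stand-in for /dev/log: one end is the daemon that logs, the other
    # end is the syslog receiver.
    receiver, sender = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    with receiver, sender:
        receiver.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        # Constructed sample: the daemon names the user it was working for.
        line = f"<30>cupsd[{os.getpid()}]: job 17 failed for user {claimed_user}"
        sender.send(line.encode())
        text, pid, uid, gid = receive_with_credentials(receiver)
    return {
        "message": text,        # free text, forgeable by the sender
        "kernel_pid": pid,      # the process that called send()
        "kernel_uid": uid,      # the daemon's own uid, not the end user's
        "kernel_gid": gid,
        "claimed_user": claimed_user,  # appears only inside the message text
    }


if __name__ == "__main__":
    result = demo()
    print("kernel says: pid=%(kernel_pid)d uid=%(kernel_uid)d gid=%(kernel_gid)d" % result)
    print("message says:", result["message"])
```
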
