> Date: Fri, 19 May 2000 19:05:02 +0200 > From: "Sven Burgener" <[EMAIL PROTECTED]> >
> >Never seen this on any other unix system... > Precisely. What exactly is the reason for syslog to have this "feature"? I do not about author's motives, but I find this feature very useful. First, when the system crashes, you can always pinpoint the time of the crash, which is of great help (well, Debian does not crash :), but faulty hardware, thunderstorms etc sometimes change this). Second, the first thing any cracker does when getting into your system is deleting protions of the syslog to cover his traces. This feature might help to track an unaware script kid (a smarter hacker can fake the marks, of course, but this is an extra barrier). Actually I always emulate this feature on non-Linux systems I have by making a daemon to write something to the syslog every 10 minutes. -- Good luck -Boris http://www.plmsc.psu.edu/~boris/