[
https://jira.duraspace.org/browse/DS-667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18686#action_18686
]
Tim Donohue commented on DS-667:
--------------------------------
This issue was discussed during the Developers Meeting on Jan 19, 2011.
Overall, there were some security concerns amongst several of the committers.
We were also wondering if it might be better to just install third-party log
viewer software, for those sites that would prefer a log viewer. There are
several log viewers available, including:
* Splunk: http://www.splunk.com/
* Sawmill: http://www.sawmill.net/features.html
* Chainsaw: http://logging.apache.org/chainsaw/index.html
* LogMX: http://www.logmx.com/
There are many others out there as well...these are just a few options to view
log files in a remote fashion. We wonder if installing one of these would be a
better option? Someone could also post a guide to doing this on our Wiki, so
that people with similar needs could follow those instructions.
Full discussion follows:
[20:10] <tdonohue> Add a remote log viewer to DSpace. :
https://jira.duraspace.org/browse/DS-667
[20:11] <mhwood> My first thought was: "I have SSH for that"
[20:11] <richardrodgers> Sounds like RobinT has issues
[20:11] <tdonohue> I see robin has concerns on patch itself. What do you all
think about the idea? Is this something we want to support as an "idea"?
[20:12] <grahamtriggs> haven't looked at the code, but the comments aren't
inspiring me with confidence that it will behave itself with very large files
[20:12] <jefftrimble> I think there are some security issues with that...I
can't put my finger on it....but could it be hacked since some of our dspace
installs are being served up on port 8080 instead of 8443?
[20:13] <jefftrimble> While it's only for viewing purposes, there are security
issues about viewing data like that, that some institutions might officially
prohibit.
[20:13] <sandsfish> I would support any DSpace administrator learning more
about the workings of DSpace and troubleshooting it, but I imagine most
individuals that would know what to do with the log information would have
access to the log file itself. Perhaps I'm missing some use cases though...
[20:14] <tdonohue> jefftrimble: But, is it still a security issue if it's only
available to DSpace Administrator? (honest question, I don't know the answer)
[20:14] <mdiggory> TBH, I'm already frustrated enough with the way dspace
hardcoded logging, creating something that is dependent on it always being
there raises red flags for me
[20:14] <grahamtriggs> *massive* data protection issues
[20:14] <grahamtriggs> possibly :)
[20:14] <jefftrimble> well, there are cache issues too...
[20:15] <tdonohue> ok -- sounds like there's a lot of concerns in general.
Personally, I wonder if there is separate "log viewer" software that people
could install specifically if they needed to view logs remotely?
[20:15] <jefftrimble> I know that at my institution, we have very stringent
rules of what can and cannot be served up on port 8080 no matter who you are.
That said, I'm a little leery of putting this stuff out there, but then again,
we have so much admin anyways. what the heck.
[20:15] <mdiggory> chainsaw
[20:15] <jefftrimble> LOL
[20:15] <grahamtriggs> splunk
[20:15] <jefftrimble> BZZZZZZZ
[20:16] <mhwood> So you could put Global Thermonuclear War on port 9090 but not
on 8080?
[20:16] <tdonohue> ok. DS-667 -- will add comment about our concerns. Suggest
using either chainsaw or splunk (or similar) to view logs remotely as needed
[20:16] <mdiggory> nagios, remotely anywhere... or more simply... ssh
> Add a remote log viewer to DSpace.
> ----------------------------------
>
> Key: DS-667
> URL: https://jira.duraspace.org/browse/DS-667
> Project: DSpace
> Issue Type: New Feature
> Components: JSPUI
> Affects Versions: 1.6.2
> Environment: Developed on a Windows XP machine and checked on a w2k3
> server.
> Reporter: Paul Brindley
> Attachments: DSpaceLogViewer.zip
>
>
> This set of files adds a remote log viewer to DSpace, it resides on the
> navigation menu in the administration page. It allows an administrator to
> view the dspace logs without having to have filesystem access to the
> webserver.
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel