Just for fun, I tracked down the existing logs on my system, which is a Powerbook and not a server system. I found the following logs.
/Applications/DYMO Label/Help/dymolbl.log
/Library/Logs/Console/501/console.log
/Library/Logs/CrashReporter/dummy-24598.crash.log
/Library/Logs/CrashReporter/ethereal.crash.log
/Library/Logs/CrashReporter/nessusd.crash.log
/Library/Logs/CrashReporter/SecurityAgent.crash.log
/Library/Logs/DirectoryService/DirectoryService.error.log
/Library/Logs/DirectoryService/DirectoryService.server.log
/Library/Logs/Software Update.log
/Users/claudel/Library/Logs/CrashReporter/NetInfo Manager.crash.log
/Users/claudel/Library/Logs/CrashReporter/PGP Engine.crash.log
/Users/claudel/Library/Logs/CrashReporter/Printer Setup Utility.crash.log
/Users/claudel/Library/Logs/CrashReporter/tethereal.crash.log
/Users/claudel/Library/Logs/DiskUtility.log
/Users/claudel/Library/Logs/PGP/PGP-06-14-2005.log
/Users/claudel/Library/Logs/PGP/PGPEngine-06-15-2005.log
/Users/claudel/Library/Logs/SuperDuper!.log
/usr/local/etc/nessus/nessusd.crash.log
/var/log/asl.log
/var/log/crashreporter.log
/var/log/ftp.log
/var/log/httpd-access.log
/var/log/httpd-error.log
/var/log/install.log
/var/log/ipfw.log
/var/log/lookupd.log
/var/log/lpr.log
/var/log/mail.log
/var/log/named.log
/var/log/netinfo.log
/var/log/ppp.log
/var/log/secure.log
/var/log/system.log
/var/log/windowserver_last.log
/var/log/windowserver.log

35 existing logs, by my count, some of which are inactive but are installed by the default system install. 5 different locations for logfiles. This list does not include the various build and install logs that were generated for one time use. Most, if not all of these are updated periodically. The list also does not include older versions of logfiles that were archived by various maintenance scripts. I have a few scripts that parse the more active logs and mail me a report containing interesting events.

If Little Snitch were able to log its interesting events into an existing facility such as syslog or the new-in-Tiger asl logging facility, it would be simple to include the Little Snitch log entries into my existing scheme and would be compliant with established industry standard logging procedures. If Little Snitch were to have its own separate log it would be relatively simple to add to my existing scheme as long as the format of the log entries was similar to the existing syslog or asl formats. However, that would add yet another separate log file into the system.

There are standard APIs already established to write to syslog and presumably asl that could, no doubt, be integrated into the software without too much trouble. Little Snitch already runs with enough privileges to log to standard system facilities. I consider egress violations to be interesting enough information that the associated log entries would qualify as essential system activity.

Ideally, if logging is implemented there would be configurable choices as to whether or not a separate log is established, and also the location of a separate log, if any. My personal preference would be to use the existing system logging facilities, whether it be syslog or asl.

Claude

On 6/15/05 12:27 AM, "Tom R. no spam" <[EMAIL PROTECTED]> wrote:

> A statement of an alternate view would be to log to a
> separate file to avoid clogging up system.log. I.e. keep
> this kind of info separate from true system activity, so
> easier to work with. Also, no need to log as root if
> log to a separate, user file, safer. So a separate file
> would be my vote.
>
> On Tue, 14 Jun 2005, Claude V. Lucas wrote:
>
>> Logging would be great, but if it gets implemented please send log info to
>> syslog rather than creating yet another separate log to keep track of.
> . . .
>>> Since LS already has the target IP address and does a
>>> DNS lookup, would it be much trouble to add also writing
>>> that IP address and/or domain name to a text log file?
>>> Not necessarily the whole LS alert, tho of course
>>> protocol, etc info would be useful, just quickly append
>>> the current IP/domain name-- even without timestamp--to
>>> a text file. Logs are of course a very useful tool in
>>> security. LS could have logging either on or off in
>>> Preferences, and/or maybe a check box in the LS popup
>>> window, to write just current target to log?
> . . .
> _______________________________________________
> Littlesnitch-talk mailing list
> [email protected]
> http://at.obdev.at/mailman/listinfo/littlesnitch-talk
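
The following is an added illustration, not part of the original thread and not Little Snitch code: a sketch of how a log-report script like the one mentioned above could pick egress events out of system.log if they were written through syslog. The `LittleSnitch` tag and the `deny App -> host:port/proto` message layout are assumptions made up for this example, and the sample lines are constructed.

```python
import re
from collections import Counter

# Classic BSD syslog line: "Mon DD HH:MM:SS host tag[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# Hypothetical message body; Little Snitch defines no such format.
EVENT_RE = re.compile(
    r"^(?P<action>allow|deny) (?P<app>.+?) -> (?P<dest>\S+):(?P<port>\d+)/(?P<proto>tcp|udp)$"
)

# Constructed sample lines, not real log output.
SAMPLE = """\
Jun 15 00:27:03 powerbook ipfw: 65000 Deny TCP 10.0.0.5:49211 192.0.2.10:25 out via en0
Jun 15 00:27:09 powerbook LittleSnitch[212]: deny Mail -> mail.example.net:25/tcp
Jun 15 00:28:41 powerbook LittleSnitch[212]: allow Safari -> www.example.org:80/tcp
Jun 15 00:31:12 powerbook LittleSnitch[212]: deny Mail -> mail.example.net:25/tcp
Jun 15 00:31:13 powerbook LittleSnitch[212]: garbled entry
Jun  5 09:02:55 powerbook LittleSnitch[212]: deny Software Update -> updates.example.com:443/tcp
"""

def parse_events(text, tag="LittleSnitch"):
    """Yield dicts for well-formed events logged under `tag`; skip the rest."""
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m or m["tag"] != tag:
            continue  # other daemons share the same file
        ev = EVENT_RE.match(m["msg"])
        if ev:  # malformed bodies are ignored rather than guessed at
            yield {"ts": m["ts"], "host": m["host"], **ev.groupdict()}

def denied_summary(text):
    """Count denied egress attempts per (app, destination, port)."""
    return Counter(
        (e["app"], e["dest"], int(e["port"]))
        for e in parse_events(text) if e["action"] == "deny"
    )

def report(text):
    """Render the summary, most frequent first, for a mailed report."""
    rows = sorted(denied_summary(text).items(), key=lambda kv: (-kv[1], kv[0]))
    return "\n".join(f"{n:3d}  {app} -> {dest}:{port}" for (app, dest, port), n in rows)

if __name__ == "__main__":
    print(report(SAMPLE))
```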
