Gavin Maltby wrote:
> On 06/09/06 12:31, Darren J Moffat wrote:
>> What problem does this solve?
>
> Trawling syslog files with miserable Perl scripts and the like, trying to
> rebuild structure from not very well-formed or structured ASCII text.
> Writing a syslog event monitor should not involve grokking around in
> that mess.

I thought so, I just didn't want to put words in your mouth.

Doesn't FMA cover some of this binary log concept though?

>> We already have binary audit files that "BSM" audit creates and for
>> Solaris 10 added the ability to export them in XML.
>
> They don't duplicate the info in the syslog files though?

Sometimes they do; in many cases authentication info is sent to both
places. As of Solaris 10 auditd(1m) has an audit_syslog(5) plugin where
it can send all (or a subset) of the data in summary form to syslog as
well as the binary trail.

One of the features a new on-disk syslog format should have is record-level
cryptographic signatures. Ideally that would be integrated with
over-the-wire record signatures, and that needs help from IETF.
--
Darren J Moffat
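
An added example, not part of the original message and not any Solaris or IETF format: a sketch of what record-level authentication on a structured on-disk log gives a monitor. The record layout, field names and key are constructed for illustration, and HMAC-SHA256 with a shared key stands in for a real public-key signature.

```python
import hashlib
import hmac
import json
import struct

KEY = b"constructed-demo-key"  # constructed; a real design would use a signing key pair
TAG_LEN = hashlib.sha256().digest_size

# Constructed sample records, already structured (no text parsing needed).
SAMPLE = [
    {"facility": "auth", "severity": "info", "msg": "login succeeded for alice"},
    {"facility": "auth", "severity": "warning", "msg": "login failed for root"},
    {"facility": "daemon", "severity": "notice", "msg": "service restarted"},
]

def seal(seq, fields, key):
    """Encode one record as: 4-byte length | canonical JSON body | per-record tag."""
    body = json.dumps({"seq": seq, "rec": fields}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return struct.pack(">I", len(body)) + body + tag

def write_log(records, key):
    """Serialize records with consecutive sequence numbers starting at 0."""
    return b"".join(seal(i, r, key) for i, r in enumerate(records))

def verify_log(blob, key):
    """Check every record independently; return a list of (seq, status)."""
    results, off, expected = [], 0, 0
    while off < len(blob):
        if len(blob) - off < 4:
            results.append((expected, "truncated"))
            break
        (n,) = struct.unpack_from(">I", blob, off)
        body = blob[off + 4 : off + 4 + n]
        tag = blob[off + 4 + n : off + 4 + n + TAG_LEN]
        off += 4 + n + TAG_LEN
        good = hmac.new(key, body, hashlib.sha256).digest()
        if len(body) != n or not hmac.compare_digest(tag, good):
            results.append((expected, "bad-signature"))
        else:
            seq = json.loads(body)["seq"]
            # The tag covers the sequence number, so gaps reveal removed records.
            results.append((seq, "ok" if seq == expected else "out-of-sequence"))
        expected += 1
    return results

if __name__ == "__main__":
    log = write_log(SAMPLE, KEY)
    print(verify_log(log, KEY))
    print(verify_log(log.replace(b"failed", b"passed"), KEY))
```

Because each record carries its own tag, a single altered record is flagged without invalidating the rest of the file, and the authenticated sequence number exposes a removed record.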