On Wed, Jan 21, 2009 at 12:55, <[email protected]> wrote: > this is the most paranoid/conservative view, and by this definition there > are basicly no logs in existance that meet the forensics requirements
Rather than set an unattainable standard, my intent was to communicate the conservative approach forensics would rather take. Edge cases and mitigating controls are acceptable as long as they are well-documented - that's basic security practice. I would rather see a solution that has 100 well-documented lossy edge cases than one that claims to be lossless with no proofs to back it. > frankly, if you really need write-only media, the best thing to do (volume > permitting) is to dump to a printer. You may want to recalculate; even 6-point font on large (14.875x11.5") tractor-feed paper only fits ~80MB per 3500-sheet box. Or, put another way, 2 512-byte events per second will burn through a $70 case per day. Or 6.5 reams of US Letter per day. Extremely limited volume. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
