The reason this works for me is not because of the scenario's you have outlined, but because command line interaction with production servers are only limited to admins (3 people). Where I'm coming from is more of an audit trail. I want to know (if by some miracle) that if a server is broken into I can see what commands were put in and what was done. That's it....I do see the points of view on it. If I had regular users that needed access to the command line or what not, then yeah I could see that being an issue.
---------------------------------------------------------------- This is a good point, but you are missing the fact that you are already logging passwords. You are logging failed login attempts, right? I guarantee you that at some point a user will get out of sync with the login prompt and type their password into the userid field, and therefor you will have that user's password in the logs (usually followed almost immediatly by the userid as the user realizes their mistake and logs in correctly) So you really need to be protecting your log data and/or implement something better than simple password authentication. David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
