Igor, Thank you for all your insight. I have taken those suggestions already into consideration before starting this topic. Mysql history has already been taken care of ;) Anywho...I think it would still be a good practice audit/analysis technique to do this type of logging.
Best Regards, Josh Bitto --------------------------------------------------------------------------------------- Hi, Josh Bitto wrote: > The reason this works for me is not because of the scenario's you have > outlined, but because command line interaction with production servers > are only limited to admins (3 people). And that was your first mistake. Administrators are smart? They don't make errors like normal users do? ;) Every log archive you will find on the net was made available (and forgotten) by someone with administrator privileges... remember that. > Where I'm coming from is more of an audit trail. [...] Well, then I hope you are aware of what kind of sensitive data could be in an audit log and that you have to take care. I don't need to mention, this wasn't part of your question, but I want to write it down for completion, if we stick to the mysql example, that you could also log the mysql client history (similar to the shell history). So if one of your three smart administrators set/changes a password, the password is stored encrypted by mysqld itself, but I hope they are aware of the fact, the the plain unencrypted password can be found in the log. That's why mysql recommend to disable logging per session, when doing such things... but you already know that. right? Fine. :-) I completed my mission. I just wanted to point out, that you also have to think about log protection. -- Regards, Igor _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
