Gavin Maltby wrote:
> On 06/09/06 12:31, Darren J Moffat wrote:
>
>> What problem does this solve ?
>
> Trawling syslog files with miserable Perl scripts and the like, trying to
> rebuild structure from a not very well-formed or structured ascii text.
> Writing a syslog event monitor should not involve grokking around in
> that mess.

I thought so I just didn't want to put words in your mouth. Doesn't FMA cover some of this binary log concept though ?

>> We already have binary audit files that "BSM" audit creates and for
>> Solaris 10 added the ability to export them in XML.
>
> They don't duplicate the info in the syslog files though?

Sometimes they do, in many cases authentication info is sent to both places. As of Solaris 10 auditd(1m) has an audit_syslog(5) plugin where it can set all (or a subset) of the data in summary form to syslog as well as the binary trail.

One of the features a new on disk syslog format should have is record level cryptographic signatures. Ideally that would be integrated with over the wire record signatures and that needs help from IETF.

--
Darren J Moffat
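
The record-level signature idea from the end of the message above, sketched as an added example that is not part of the original thread or of any Solaris code. It uses HMAC-SHA256 from the Python standard library as a stand-in for a real public-key signature; the record layout, key handling and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Assumed on-disk layout (illustrative, not from the thread), big-endian:
#   sequence number (8) | payload length (4) | payload | 32-byte tag
HEADER = struct.Struct(">QI")
TAG_LEN = hashlib.sha256().digest_size


def _tag(key, body):
    # HMAC-SHA256 stands in for a public-key signature over the record.
    return hmac.new(key, body, hashlib.sha256).digest()


def append_record(log, key, seq, payload):
    """Append one record to bytearray `log`; the tag covers header and payload."""
    body = HEADER.pack(seq, len(payload)) + payload
    log += body + _tag(key, body)


def verify_log(log, key):
    """Return [(seq, status)] with status ok / bad-tag / gap / truncated."""
    results, offset, expected = [], 0, 0
    while offset < len(log):
        if len(log) - offset < HEADER.size + TAG_LEN:
            results.append((expected, "truncated"))
            break
        seq, length = HEADER.unpack_from(log, offset)
        end = offset + HEADER.size + length + TAG_LEN
        if end > len(log):
            results.append((expected, "truncated"))
            break
        body, tag = log[offset:end - TAG_LEN], log[end - TAG_LEN:end]
        if not hmac.compare_digest(tag, _tag(key, body)):
            seq, status = expected, "bad-tag"  # header is untrusted here
        else:
            status = "ok" if seq == expected else "gap"  # gap: missing/reordered
        results.append((seq, status))
        expected, offset = seq + 1, end
    return results


if __name__ == "__main__":
    key, log = b"\x01" * 32, bytearray()  # constructed demo key
    for i, line in enumerate([b"su: 'su root' succeeded", b"sshd: Failed password"]):
        append_record(log, key, i, line)
    log[HEADER.size] ^= 0x01  # simulate on-disk tampering of record 0
    print(verify_log(log, key))
```

Because the length field is only trusted once its tag verifies, records that follow the first `bad-tag` result should be treated as suspect: a corrupted length can shift where later records appear to start.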