-----Original Message-----
From: Chad Schieken [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 19, 1999 12:56 PM
To: 'd'
Subject: RE: introduction
Dan,
I understand and agree that the it's a scope issue. I just think that:
1. Logs without accurate timestamps are worthless
2. getting worthless logs securely and accurately to a log server isn't
worth the effort.
Let's see where the discussion lands.
later...
chad Schieken
Lucent Professional Services
-----Original Message-----
From: d [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 19, 1999 12:40 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: introduction
> [EMAIL PROTECTED] sez:
> It's critically important that logs reflect the time events happened,
> however most system clocks are wrong. So let's either build an xntp client
> in the syslog server that atleast records the "real" time a message was
> received.
While I'd be the first to agree that time is critical for any sort of
auditing or security, do people agree that accurate time (let alone
specifying a specific format) should be part of a syslog specification?
I'd initially vote against that as a design constraint, but I must
confess I haven't given it a great deal of thought.
Accurate network time is great, but I'd also like to think that people
who aren't on the net (secure installations, uucp, factories, etc.) or who
are otherwise NTP-challenged (and yes, I know you don't need to be on
the net to use it) can use the new protocol.
I guess it comes down to what problem - or set of problems - we're
trying to solve.
dan
