Re: Remote Syslogd

From: Seth Arnold (sarnoldat_private)
Date: Wed Nov 06 2002 - 10:48:21 PST

Next message: Paul Timmins: "Re: Dealing with RAID and SCA Drives"

Previous message: Ben Boulanger: "RE: Remote Syslogd"
In reply to: John Fitzgerald: "RE: Remote Syslogd"
Next in thread: Ryan Yagatich: "Re: Remote Syslogd"
Next in thread: John: "Re: Remote Syslogd"
Reply: Ryan Yagatich: "Re: Remote Syslogd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 06, 2002 at 05:22:09PM -0000, John Fitzgerald wrote:
> To prevent an 'exploited' syslogd amending stored logs then you may be
> able to set them to be append only (dependent upon the filesystem
> being used) and/or you could have a higher privilege daemon copying
> the logs to somewhere outside the chrooted area on a regular basis.
> Does anybody know of an application that is optimized for copying
> sequentially increasing files?

tail(1).

Or you could configure your syslogd to write into a pipe and have your
"trusted" program read from the pipe in a loop and copy the data to
another file.

-- 
Nothing says, "Superpower" like bombing a country that is poor and
hungry. -- Ken Brush

application/pgp-signature attachment: stored

Next message: Paul Timmins: "Re: Dealing with RAID and SCA Drives"
Previous message: Ben Boulanger: "RE: Remote Syslogd"
In reply to: John Fitzgerald: "RE: Remote Syslogd"
Next in thread: Ryan Yagatich: "Re: Remote Syslogd"
Next in thread: John: "Re: Remote Syslogd"
Reply: Ryan Yagatich: "Re: Remote Syslogd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Nov 06 2002 - 19:15:05 PST