Re: [logs] reinventing syslog [was: Secure Central Log Host]

From: Tom Perrine (tepat_private)
Date: Thu Dec 05 2002 - 13:35:30 PST

    >>>>> On Thu, 5 Dec 2002 13:51:03 -0500 (EST), "Ed Ravin" <eravinat_private> said:
    
        ER> Florin Andrei writes:
        >> The true solution is to modify syslogd.  [...]
        >> Changing the code to use local timestamps instead of the ones provided
        >> by the datagrams should be no big deal. Some external configuration flag
        >> could change the behaviour between the default (use the datagrams'
        >> timestamps, or use local time).
    
        ER> syslog-ng already supports this, with its "use_time_recvd()" option.
        ER> You can also do your remote logging via TCP to reduce the chance
        ER> that you are receiving spoofed data.
    
    I think I'd really like to have both timestamps in the final
    destination log file.  The one the client put on, AND the one put on
    by the final "write-to-file" daemon.
    
    Does this make sense, or am I just being overly {pedantic, paranoid,
    feature-crazy}?
    
    --tep
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
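
The idea raised in this message, keeping the client's timestamp and the receiving daemon's timestamp side by side in the stored line, shown as an added example that is not part of the original post and not code from syslogd or syslog-ng. It assumes RFC 3164-style datagrams and that client and receiver clocks are in the same time zone; the output line layout, the `record` and `client_time` names, and the five-minute skew threshold are hypothetical.

```python
import re
from datetime import datetime, timedelta

# RFC 3164 header: "<PRI>Mmm dd hh:mm:ss HOST MSG" (day space-padded, no year).
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2}) ([ \d]\d) (\d\d:\d\d:\d\d) (\S+) (.*)$")
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def client_time(mon, day, hms, recv):
    """Rebuild the sender's timestamp. The header carries no year, so try the
    years around the receive time and keep the closest candidate."""
    if mon not in MONTHS:
        return None
    h, m, s = map(int, hms.split(":"))
    candidates = []
    for year in (recv.year - 1, recv.year, recv.year + 1):
        try:
            candidates.append(datetime(year, MONTHS.index(mon) + 1, int(day), h, m, s))
        except ValueError:  # impossible date or time, e.g. "Feb 30" or "25:00:00"
            pass
    return min(candidates, key=lambda c: abs(c - recv)) if candidates else None


def record(datagram, recv, max_skew=timedelta(minutes=5)):
    """Return (line, skew_seconds); the line holds both timestamps."""
    # Escape embedded newlines so one datagram stays one record.
    text = datagram.decode("utf-8", "replace").rstrip("\n").replace("\n", "\\n")
    m = HEADER.match(text)
    sent = client_time(m.group(2), m.group(3), m.group(4), recv) if m else None
    if sent is None:
        # No usable client timestamp: keep the raw text, stamped on receipt only.
        return f"recv={recv.isoformat()} sent=- skew=- {text}", None
    skew = (recv - sent).total_seconds()
    flag = " SKEW" if abs(skew) > max_skew.total_seconds() else ""
    return (f"recv={recv.isoformat()} sent={sent.isoformat()} skew={skew:+.0f}s{flag} "
            f"<{m.group(1)}>{m.group(5)} {m.group(6)}"), skew


if __name__ == "__main__":
    # Constructed sample datagram and receive time.
    print(record(b"<34>Dec  5 13:35:30 client1 su: 'su root' failed",
                 datetime(2002, 12, 5, 13, 35, 32))[0])
```

With both values stored, a large `skew` marks a drifting or misconfigured client clock, or a datagram whose timestamp was not set honestly, without losing the sender's own view of when the event happened.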
    



    This archive was generated by hypermail 2b30 : Thu Dec 05 2002 - 13:53:20 PST