[logs] Filesystem for logging

From: listuser (listuserat_private)
Date: Tue Dec 17 2002 - 10:18:35 PST


    Hello,
    
    I am being entrusted with creating a logging system for a small datacenter. I want to ask the list's opinion about:
    
    1. How can I archive the logs for long term storage? i.e. tape/DVD or some other device?
    
    2. Is there any logger that can store logs in a secure manner, so that they can be presented as evidence? I am following the discussions here with much interest, but so far I have not heard of any software that can be used now.
    
    3. Which file system (Linux) gives the best performance? I don't know if it makes any difference, but I am thinking too much about file systems now, see below :)
    
    Now for a weird idea: how about making an FS exclusively for logging? An FS which will not support any editing of data once written, i.e. only appending, which computes a hash of each line and stores them separately in another file etc. I am thinking about it now; maybe I might get some time to try to implement at least some part of it.
    
    The file system can store only 2 actual files, one logs and another hash, but it can be indexed with words, i.e. if I create a (virtual) file with name apache, it will be an index containing all the lines in the logs with the string apache. Also you cannot delete the real logs using the normal system call. This means even if someone hacks into the system, the logs are pretty safe (ok, the hacker just needs to find the special program to delete the logs). In any case the logs are tamper proof: if the logs are present they are reliable.
    
    I am just bouncing the idea off the list; all this may be just crap :)
    
    raj
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
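
The scheme proposed in the message above (one log file plus one file of per-line hashes), as an added Python example that is not from the original post or from any existing logger. It goes one step beyond the post by chaining each hash to the previous one, so edits, deletions and reordering all show up on verification; the function names, the `GENESIS` seed and the file layout are assumptions.

```python
import hashlib
import os

GENESIS = "0" * 64  # assumed seed value chained into the first line's hash

def link(prev_hex, line):
    """SHA-256 over the previous line's hash plus this line's bytes."""
    return hashlib.sha256(bytes.fromhex(prev_hex) + line).hexdigest()

def append(log_path, hash_path, message):
    """Append one line to the log and its chained hash to the second file."""
    prev = GENESIS
    if os.path.exists(hash_path):
        with open(hash_path) as f:
            existing = f.read().split()
        prev = existing[-1] if existing else GENESIS
    line = message.replace("\n", " ").encode() + b"\n"
    digest = link(prev, line)
    # "a" mode only ever appends, but nothing here stops another program
    # from rewriting the files; that is what verify() is for.
    with open(log_path, "ab") as log, open(hash_path, "a") as hashes:
        log.write(line)
        hashes.write(digest + "\n")
    return digest  # current head; keep a copy somewhere the host cannot write

def verify(log_path, hash_path, head=None):
    """Return 0 if intact, the 1-based number of the first bad line,
    or -1 if every line checks out but the chain does not end at `head`."""
    with open(log_path, "rb") as f:
        lines = f.readlines()
    with open(hash_path) as f:
        hashes = f.read().split()
    prev = GENESIS
    for n, line in enumerate(lines, start=1):
        if n > len(hashes) or link(prev, line) != hashes[n - 1]:
            return n
        prev = hashes[n - 1]
    if len(hashes) > len(lines):
        return len(lines) + 1  # hash recorded for a line that is gone
    if head is not None and prev != head:
        return -1  # both files truncated or rewritten together
    return 0
```

Verification is only as trustworthy as the stored head value: anyone who can rewrite both files can recompute the whole chain, so the digest returned by `append` has to be copied off the host at intervals.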
    



    This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 12:18:42 PST