At 07:13 PM 5/7/2003, Darren Reed wrote: >In some mail from Rob Scott, sie said: > > My biggest pet peeve about traditional syslog daemons is that if the > system > > admin (me, usually) forgets to actually create the target file called out > > in a syslog rule then syslog will only tell you about it at start time > > rather than simply create the file in question. I admit that a truly > > paranoid and control oriented admin may not wish a system utility like > this > > to go about creating files. However, I've always felt that if syslog can > > detect that I haven't created a target log file why shouldn't it just go > > ahead and create the fritzing thing rather than just whining about it. > >And who should own it and what permissions should it have on it ? >And you would configure that in syslogd how ? Syslog runs as root on most systems. Take a look at /var/log in Linux, and you'll see that almost all of the log files already being used by syslog are owned by root with permission 600. Makes sense (at least to me) that syslog would create the files with owner root and permissions 600. I do note that Solaris seems to put permissions of 644 on most files in /var/adm, but I would favor 600 for those files that would be auto-created by syslog. My point is that if creating a file syslog should adhere to local or religious standards of the *nix flavor that it's running on. >Not to mention that the other aspect of not logging to a file that >is not there vs creating it on demand, creates a control mechanism >for logging outside of syslogd itself, independant of syslog.conf. All of my comments are from my experiences with BSD 4.1/4.2, Sun/OS, Solaris and RedHat Linux. Your *nix may vary. I'm not sure that I get your point here. If a log file target called out in a syslog doesn't exist, syslog throws away the log entries destined for that file. Most implementations of syslog won't tell you that the file is missing when they start up, so if you haven't created the file before you start syslog you won't know that it's losing the messages destined for the file. I would suggest that syslog either create the file (as suggested above) or perform a consistency check on the syslog.conf file to ensure that all of the targets exist and can be written. As currently implemented the attempt to assess and open the target file doesn't usually occur until the first attempt to write to it. If a target file did not exist or could not be written to, syslog could write a message to either the console or to the standard system log to announce the problem. Cheers. Rob It's never too late to have a happy childhood. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Scott, mailto:robat_private Langley, Washington on Whidbey Island (a suburb with a moat) _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed May 07 2003 - 23:13:58 PDT