In some mail from Rob Scott, sie said: > > At 07:13 PM 5/7/2003, Darren Reed wrote: > >In some mail from Rob Scott, sie said: > > > My biggest pet peeve about traditional syslog daemons is that if the > > system > > > admin (me, usually) forgets to actually create the target file called out > > > in a syslog rule then syslog will only tell you about it at start time > > > rather than simply create the file in question. I admit that a truly > > > paranoid and control oriented admin may not wish a system utility like > > this > > > to go about creating files. However, I've always felt that if syslog can > > > detect that I haven't created a target log file why shouldn't it just go > > > ahead and create the fritzing thing rather than just whining about it. > > > >And who should own it and what permissions should it have on it ? > >And you would configure that in syslogd how ? > > > Syslog runs as root on most systems. Take a look at /var/log in Linux, and > you'll see that almost all of the log files already being used by syslog > are owned by root with permission 600. Makes sense (at least to me) that > syslog would create the files with owner root and permissions 600. I do > note that Solaris seems to put permissions of 644 on most files in > /var/adm, but I would favor 600 for those files that would be auto-created > by syslog. My point is that if creating a file syslog should adhere to > local or religious standards of the *nix flavor that it's running on. That's a very simplistic view of file ownership and file permissions on unix, how they're used and how people classify the information that is stored in the log files. *BSD come with a utility called "newsyslog" that has a separate configuration file to syslog.conf that contains information such as file permissions for creation of files on rollover. > >Not to mention that the other aspect of not logging to a file that > >is not there vs creating it on demand, creates a control mechanism > >for logging outside of syslogd itself, independant of syslog.conf. [...] > I'm not sure that I get your point here. If a log file target called out > in a syslog doesn't exist, syslog throws away the log entries destined for > that file. Yup! Good thing too! > Most implementations of syslog won't tell you that the file is > missing when they start up, Even better... Who's to say that the missing file is an error ? > so if you haven't created the file before you > start syslog you won't know that it's losing the messages destined for the > file. Or maybe you want them to not be recorded on disk ? It's really a case of "mv file file.x; kill -HUP `cat /etc/syslog.conf`" to turn off logging for that particular "line", temporarily. No need to change syslog.conf either. Depending on your perspective, this may or may not be a feature but it is an available consequence of the current implementations that will disappear if syslogd is changed to create files if it sees them as missing. It is a rather obtuse control channel, granted, but it is there as one... Darren _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed May 07 2003 - 23:18:09 PDT