Re: [logs] tbird rant: syslog.conf, tabs and spaces

From: Devin Kowatch (devinkat_private)
Date: Thu May 08 2003 - 10:16:09 PDT


    On Wed, May 07, 2003 at 10:48:19PM -0700, Rob Scott wrote:
    > At 07:13 PM 5/7/2003, Darren Reed wrote:
    > >In some mail from Rob Scott, sie said:
    > >> My biggest pet peeve about traditional syslog daemons is that if the system
    > >> admin (me, usually) forgets to actually create the target file called out
    > >> in a syslog rule then syslog will only tell you about it at start time
    > >> rather than simply create the file in question.  I admit that a truly
    > >> paranoid and control oriented admin may not wish a system utility like this
    > >> to go about creating files.  However, I've always felt that if syslog can
    > >> detect that I haven't created a target log file why shouldn't it just go
    > >> ahead and create the fritzing thing rather than just whining about it.
    > >
    > >And who should own it and what permissions should it have on it ?
    > >And you would configure that in syslogd how ?
    > 
    > 
    > Syslog runs as root on most systems.  Take a look at /var/log in Linux, and 
    > you'll see that almost all of the log files already being used by syslog 
    > are owned by root with permission 600.  Makes sense (at least to me) that 
    > syslog would create the files with owner root and permissions 600.  I do 
    
    This is what SDSC Syslog does when it finds one of its output files
    missing.  The rationale is that if syslogd is creating files they should
    allow minimal access, as syslogd has no idea what the site policy is.
    In my view it's better to have too restrictive permissions than too
    loose permissions on automatically created log files.  The flip side of
    this is that syslogd should _never_ change the permissions on a log file
    which already exists.
    
    > note that Solaris seems to put permissions of 644 on most files in 
    > /var/adm, but I would favor 600 for those files that would be auto-created 
    > by syslog.  My point is that if creating a file syslog should adhere to 
    > local or religious standards of the *nix flavor that it's running on.
    > 
    > >Not to mention that the other aspect of not logging to a file that
    > >is not there vs creating it on demand, creates a control mechanism
    > >for logging outside of syslogd itself, independant of syslog.conf.
    > 
    > All of my comments are from my experiences with BSD 4.1/4.2, Sun/OS, 
    > Solaris and RedHat Linux.  Your *nix may vary.
    > 
    > I'm not sure that I get your point here.  If a log file target called out 
    > in a syslog doesn't exist, syslog throws away the log entries destined for 
    > that file.  Most implementations of syslog won't tell you that the file is 
    > missing when they start up, so if you haven't created the file before you 
    > start syslog you won't know that it's losing the messages destined for the 
    > file.
    
    I agree.  If someone wants logging turned off for a time they should
    comment it out in the config file.  Using the missing log file as a
    control channel seems like it would cause more problems than it's worth.
    Especially in environments where there is more than one sysadmin.
    
    -- 
    Devin Kowatch
    devinkat_private
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
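
The policy described in the message above (create a missing output file with minimal access, never change the permissions of a file that already exists), as an added example that is not part of the original post and is not SDSC Syslog's code. The helper name `open_log_target` and the default path `example.log` are assumptions made for illustration.

```c
/* Added example: open a syslog output file under the policy in the post. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * open_log_target() is a hypothetical helper, not SDSC Syslog's code.
 * Returns an append-only fd, or -1 with errno set.
 * *created is 1 if this call created the file, 0 if it already existed.
 */
int open_log_target(const char *path, int *created)
{
    const int base = O_WRONLY | O_APPEND | O_NOCTTY | O_NOFOLLOW;
    int fd;

    /* O_EXCL makes creation atomic: we know for certain whether the file
     * is ours, and a pre-planted file or symlink is never treated as new. */
    fd = open(path, base | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        /* The umask can only clear bits from 0600; set the mode explicitly
         * so the new file is exactly owner read/write and nothing else. */
        if (fchmod(fd, 0600) != 0) {
            int saved = errno;
            close(fd);
            errno = saved;
            return -1;
        }
        *created = 1;
        return fd;
    }
    if (errno != EEXIST)
        return -1;

    /* File already exists: open it as-is. No chmod or chown here, so the
     * mode the administrator chose stays untouched. A symlink at this
     * path fails with ELOOP because of O_NOFOLLOW. */
    *created = 0;
    return open(path, base);
}

int main(int argc, char **argv)
{
    int created, fd = open_log_target(argc > 1 ? argv[1] : "example.log", &created);
    if (fd < 0) { perror("open_log_target"); return 1; }
    printf("%s\n", created ? "created with mode 0600" : "existing file, mode left alone");
    return close(fd);
}
```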
    



    This archive was generated by hypermail 2b30 : Thu May 08 2003 - 16:22:26 PDT