Darren Reed wrote:
>> What if when each syslogd starts up, it generates a nonce
>> using, say, a CRC of time, pid, and log file inode # - it need not be
>> cryptographically strong - and logs a message every whenever with
>> ${timestamp} syslogd: host nonce sequence-number
>
>If you're going to modify the text in the message, the consensus
>from the syslog working group was to append text as there is less
>likelihood of disrupting existing programs that expect the text
>to be formatted the way it is today.
Nope, I was thinking that the syslogd would just periodically
generate the message itself, from itself, so no tampering
with other messages would be necessary. A server that
cared, however, would then be able to measure loss per
client or restarts per client without requiring any additional
client smarts.
Of course 10 seconds after I hit "Send" I realized that the
flaw in my whole idea was that if you're going to replace
syslogd to include the feature I was proposing, then you
could just as easily replace it with a syslogd that didn't
suck and thereby solve the problem.
mjr.
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Tue Aug 10 2004 - 13:01:45 PDT