Re: [logs] idea: let's scare ourselves...

From: Marcus J. Ranum (mjr@private)
Date: Tue Aug 10 2004 - 12:48:15 PDT

Darren Reed wrote:
>>       What if when each syslogd starts up, it generates a nonce
>> using, say, a CRC of time, pid, and log file inode #  - it need not be
>> cryptographically strong - and logs a message every whenever with
>> ${timestamp} syslogd: host nonce sequence-number
>If you're going to modify the text in the message, the consensus
>from the syslog working group was to append text as there is less
>likelihood of disrupting existing programs that expect the text
>to be formatted the way it is today.

Nope, I was thinking that the syslogd would just periodically
generate the message itself, from itself, so no tampering
with other messages would be necessary. A server that
cared, however, would then be able to measure loss per
client or restarts per client without requiring any additional
client smarts.

Of course 10 seconds after I hit "Send" I realized that the
flaw in my whole idea was that if you're going to replace
syslogd to include the feature I was proposing, then you
could just as easily replace it with a syslogd that didn't
suck and thereby solve the problem.


LogAnalysis mailing list

This archive was generated by hypermail 2.1.3 : Tue Aug 10 2004 - 13:01:45 PDT