-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (Sorry for the crosspost, but I want to get as much coverage as possible)
First of, thank you everyone for responding! It's given me some food for thought, and I also found a lot of errors in what I thought would be best. Anyway, I've compiled a rough "wishlist" here, listing what people (including me) generally request. The reason for this is to get a discussion started, so we can all have the most efficient (and secure) logging possible. Please comment (if you wish) on the points noted here, but don't feel restricted to only those - I'm more than willing to consider other features... Here it goes: o One log with everything (like /var/log/syslog) o Authentication log (/var/log/auth.log) o Non-important stuff in separate logs (/var/log/<service>.{info,warn,err} o Human-readable date&time o Machine-processible (ie, fixed field widths, like now) o High-precision date/time (TAI64?) o Docs + inclusion in the "Securing Debian Manual" o /secure/ remote-logging (ie, crypto) o Fallback log (ie, if something gets missed, it is logged to fx. /var/log/missed) o Permission checking (?) o Running as non-root o Encrypted logs (Compressed?) o User-defined facilities (ie, firewall.info, xfree.err) After reading through the features which people would like to see, it seems to me that there is really need for something else besides sysklogd. What I really want to know is, why is syslog-ng and/or msyslog not more widely used? What do they lack? Compatibility and security are the only points I can see where they might not qualify as a total replacement. With that in mind, I've been considering making my own logger. Is this a good idea? I've considered it a bit, and thought it would be best to start with the current sysklogd source, and make small, tested changes to be sure that it's still safe & working. What do people think of this? So, anybody want to jump in and make some comments? Even if you think it's trivial what you have to say, please do so anyway. If you feel it's not worth everybody's mailbox, just mail me personally. Think of it as a poll :) And also, if "the people" think it's a good idea with a new syslogger, then there's the all-important question of the project name. Ideas are welcome :) Yours truly Kenneth Vestergaard Schmidt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjrXePQACgkQDoYBnf2u3ClpEgCdE0yIaKciVvRrXO0NPpdznFYh uygAni+LWrS3QP7mBAFmV1bv7C0ezqSw =PbVU -----END PGP SIGNATURE-----