On Tue, Oct 9, 2012 at 5:24 PM, Lennart Poettering <mzerq...@0pointer.de> wrote:
> I am not generally against adding time-based rotation, but really, this
> is much less of a "necessity" than other things the journal provides,
> which syslog does not: for example per-service rate limits, and
> unfakable meta-data for log messages. I mean, really, how can we ship
> a syslog where every random user can fake messages, say they are from a
> privileged process and offer no way to detect that?

I think you overestimate how much a sysadmin cares about fake
messages. The thing that's really important to a sysadmin is to make
sure that none of the REAL messages are lost. If someone fakes root
login entries by using something as trivial as "logger", I can easily
establish they are fake by looking at auditd logs. And then I would
*really* make that user regret their actions by using blunt
cryptanalysis tools.

So, it's not accurate to say that we don't currently have ways to detect that.

Regards,
-- 
Konstantin Ryabitsev
LinuxFoundation.org
Montréal, Québec