Re: loggint through syslog - merlin corey - ru.sysoev.nginx

14 messages in ru.sysoev.nginxRe: loggint through syslog

From	Sent On	Attachments
Gabri Mate	Dec 16, 2009 1:52 pm
merlin corey	Dec 17, 2009 2:23 pm
Ryan Malayter	Dec 17, 2009 4:41 pm
merlin corey	Dec 17, 2009 4:56 pm
Ryan Malayter	Dec 17, 2009 9:33 pm
merlin corey	Dec 18, 2009 5:13 pm
Ryan Malayter	Dec 19, 2009 7:03 pm
Vinay Y s	Dec 20, 2009 8:49 am
Peter Leonov	Dec 20, 2009 2:52 pm
Michael Shadle	Dec 20, 2009 2:56 pm
Kingsley Foreman	Dec 20, 2009 3:04 pm
Michael Shadle	Dec 20, 2009 3:10 pm
merlin corey	Dec 21, 2009 5:15 pm
Ryan Malayter	Dec 23, 2009 6:45 pm

Subject:	Re: loggint through syslog
From:	merlin corey (merl...@dc949.org)
Date:	Dec 17, 2009 4:56:30 pm
List:	ru.sysoev.nginx

On Thu, Dec 17, 2009 at 4:41 PM, Ryan Malayter <mala...@gmail.com> wrote:

On Thursday, December 17, 2009, merlin corey <merl...@dc949.org> wrote:

Many log analyzers work fine with multiple files from multiple sources, at least I know analog does. Failing that, you could write a script to aggregate the logs...

I think a more important use case for syslog is enabling tamper-resistant logs to another system. Syslog over IPSec to an unrelated system is a lot more confidence inspiring to security folks than a local text file that can be modified after a breach.

If you want to wear that security blanket, go ahead.

If you are worried about the integrity of your logfiles, you should implement some kind of integrity checking on every important point. This means that even if you do push things over your favorite secure protocol to another system you'll want to do some kind of integrity checking there because someone could break in and tamper with the data on the "secure" system.

Security folks know that everything breaks, so they plan for and monitor breakages.

What's the plan for when the syslog server goes down? No logs at all then?

-- Merlin

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets