logging through syslog

merlin corey merlincorey at dc949.org
Fri Dec 18 03:57:08 MSK 2009


On Thu, Dec 17, 2009 at 4:41 PM, Ryan Malayter <malayter at gmail.com> wrote:
> On Thursday, December 17, 2009, merlin corey <merlincorey at dc949.org> wrote:
>> Many log analyzers work fine with multiple files from multiple
>> sources, at least I know analog does.  Failing that, you could write a
>> script to aggregate the logs...
>
> I think a more important use case for syslog is enabling
> tamper-resistant logs to another system. Syslog over IPSec to an
> unrelated system is a lot more confidence inspiring to security folks
> than a local text file that can be modified after a breach.
>
>
> --
> RPM
>

If you want to wear that security blanket, go ahead.

If you are worried about the integrity of your logfiles, you should
implement some kind of integrity checking on every important point.
This means that even if you do push things over your favorite secure
protocol to another system you'll want to do some kind of integrity
checking there because someone could break in and tamper with the data
on the "secure" system.

Security folks know that everything breaks, so they plan for and
monitor breakages.

What's the plan for when the syslog server goes down?  No logs at all then?

-- Merlin
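
Added example, not part of the original message and not nginx code: one way to do the integrity checking described above is a keyed hash chain over the log lines, which can be verified both on the web server and on the syslog host. The function names, the demo key and the sample log lines are assumptions constructed for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # assumed fixed starting value for the chain


def _tag(key, prev, line):
    # Each tag covers the line AND the previous tag, so order matters.
    return hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()


def seal(lines, key):
    """Return [(line, hex_tag)] plus the final tag (the "head") to store elsewhere."""
    prev, sealed = GENESIS, []
    for line in lines:
        prev = _tag(key, prev, line)
        sealed.append((line, prev.hex()))
    return sealed, prev.hex()


def verify(sealed, key, head=None):
    """Return ("ok", None), ("tampered", index) or ("truncated", count)."""
    prev = GENESIS
    for i, (line, tag_hex) in enumerate(sealed):
        prev = _tag(key, prev, line)
        if not hmac.compare_digest(prev.hex(), tag_hex):
            return ("tampered", i)
    # Dropping records from the end leaves a valid chain; only a head kept
    # out of band reveals it.
    if head is not None and not hmac.compare_digest(prev.hex(), head):
        return ("truncated", len(sealed))
    return ("ok", None)


# Constructed sample data, not taken from a real server.
DEMO_KEY = b"constructed-demo-key"  # in practice, not stored beside the logs
SAMPLE = [
    '192.0.2.10 - - [17/Dec/2009:16:41:00 +0000] "GET / HTTP/1.1" 200 612',
    '192.0.2.44 - - [17/Dec/2009:16:41:07 +0000] "POST /login HTTP/1.1" 302 0',
    '192.0.2.10 - - [17/Dec/2009:16:41:09 +0000] "GET /admin HTTP/1.1" 403 169',
]

if __name__ == "__main__":
    records, head = seal(SAMPLE, DEMO_KEY)
    print(verify(records, DEMO_KEY, head))            # untouched copy
    edited = [records[0], (SAMPLE[1].replace("302", "200"), records[1][1]), records[2]]
    print(verify(edited, DEMO_KEY, head))             # one line rewritten
    print(verify(records[:2], DEMO_KEY, head))        # tail removed
```

The chain only helps if the key and the head value live somewhere the log host's administrator account cannot rewrite them; anyone holding the key can re-seal an altered file.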


