On Mon, May 10, 2004 at 11:06:13AM +0100, markzero@logik.ath.cx wrote:
> Sorry to interrupt but: I actually wanted this exact organisation system (/path/to/logs/$HOST) but I decided against it because of what I read in the syslog-ng FAQ. Is this information out of date?

You would need to be specific about the information you mean, but the answer is no. It's always good advice to not trust input from the network (including the DNS); it's up to you to audit the syslog-ng source code to see what sanity checks it puts on the input, and up to you to ensure that your configuration doesn't compromise your security. The FAQ just gives generally good advice. If someone can prove that syslog-ng will never compromise a host's security because of filenames created using macro expansion (good luck proving perfect security), then I'll update the FAQ.

It should be noted that many, if not most, people do use the hostname to log by directory and no ill effects have been reported (to my knowledge) besides the junk directory names.

My randomly chosen signature is closely related, must be a sign.

-- Nate

Your mantra for today is: Don't let data from the network near a shell. Bad things happen.
-- Randall Schwartz
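
The concern discussed in this thread, shown as an added example that is not part of either message and is not syslog-ng code: a sanity check applied to an untrusted hostname before it becomes the `$HOST` component of `/path/to/logs/$HOST`. The function names, the `_invalid` fallback directory and the sample inputs are assumptions made for illustration.

```python
import ipaddress
import re
from pathlib import PurePosixPath

LOG_ROOT = PurePosixPath("/path/to/logs")  # base directory from the thread
FALLBACK = "_invalid"                      # assumed bucket for rejected names

# RFC 1123 label: letters, digits, hyphen; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def safe_host_component(host: str) -> str:
    """Return a single directory name for an untrusted hostname, or FALLBACK."""
    try:
        # IP literals are accepted; anything outside hex digits and dots
        # (':' in IPv6, scope ids) is replaced so the name stays portable.
        return re.sub(r"[^0-9a-f.]", "_", str(ipaddress.ip_address(host)))
    except ValueError:
        pass
    name = host.lower().rstrip(".")
    if not name or len(name) > 253:
        return FALLBACK
    if all(_LABEL.fullmatch(label) for label in name.split(".")):
        return name
    return FALLBACK


def log_path(host: str, filename: str = "messages") -> PurePosixPath:
    """Build LOG_ROOT/<host>/<filename> and confirm it stays under LOG_ROOT."""
    path = LOG_ROOT / safe_host_component(host) / filename
    if LOG_ROOT not in path.parents or ".." in path.parts:
        raise ValueError("path escapes log root")
    return path


# Constructed sample inputs: values a sender or a DNS PTR record could supply.
SAMPLES = ["web01.example.com", "192.0.2.7", "../../etc/cron.d", "a/b", "",
           "x" * 300, "-bad-.example"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample[:30]), "->", log_path(sample))
```

Names that fail the check all land in one fallback directory, which also keeps the junk directory names mentioned above from accumulating.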