[syslog-ng][PATCH] netmask-filter

Gert Menke gert@menke.za.net
Tue, 22 Jan 2002 02:33:02 +0100


Hi,

> I am sorry Gert - My fault for not explaining more, and I thought it was
> inherently obvious what it has to do with your filter.
It still isn't obvious to me, sorry...

> Let me ask "Gert what is the point of collecting logging information
> anyway?" So that we as systems admins can prove what went on inside our
> systems - leaving us as the weak link in the evidentiary chain of custody
> for events taking place inside the audit envelope around your systems.
Well, we cannot _prove_ what happened on our machines; as an admin it is easy
to fake logfiles so they "prove" anything we want. As you said, the admin
is the "weak link" here.
Instead, logging information gives us hints about misconfigurations or
attempted (and possibly successful) intrusions into our machines.
(Assuming that nobody can mess with the loghost...)
I'm sure you can use or abuse a syslog daemon for lots of other useful
things...

So, does anybody else on this list want to comment about my patch?
Balazs, will you include it in future versions of syslog-ng?

Greetings
Gert