[syslog-ng] Eventlog to syslog

Nate Campi syslog-ng@lists.balabit.hu
Mon, 10 May 2004 06:40:17 -0700


On Mon, May 10, 2004 at 11:06:13AM +0100, markzero@logik.ath.cx wrote:
> 
> Sorry to interrupt but: I actually wanted this exact organisation
> system (/path/to/logs/$HOST) but I decided against it because of what
> I read in the syslog-ng FAQ. Is this information out of date?

You would need to be specific about the information you mean, but the
answer is no. It's always good advice to not trust input from the
network (including the DNS). It's up to you to audit the syslog-ng
source code to see what sanity checks it puts on the input, and up to
you to ensure that your configuration doesn't compromise your security.

The FAQ just gives generally good advice. If someone can prove that
syslog-ng will never compromise a host's security because of filenames
created using macro expansion (good luck proving perfect security), then
I'll update the FAQ. It should be noted that many, if not most, people do
use the hostname to log by directory and no ill effects have been
reported (to my knowledge) besides the junk directory names.

My randomly chosen signature is closely related, must be a sign.
-- 
Nate

Your mantra for today is: Don't let data from the network near a
shell. Bad things happen.                    -- Randall Schwartz
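
Added example, not part of the original message and not syslog-ng code: one way to treat a network-supplied hostname as untrusted before it becomes a per-host log directory. The log root, the fallback directory name and both function names are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Assumed values for illustration; neither comes from the thread.
LOG_ROOT = PurePosixPath("/var/log/hosts")
FALLBACK_DIR = "_invalid"  # underscore cannot occur in an accepted name

# One DNS label (RFC 1123): letters, digits, hyphens, no leading or
# trailing hyphen, at most 63 characters.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def safe_host_component(raw: str) -> str:
    """Map an untrusted hostname to one directory name under LOG_ROOT.

    Anything that is not a plain hostname or dotted IPv4 address
    (slashes, "..", control characters, shell metacharacters, oversized
    labels) lands in FALLBACK_DIR, so junk names share one directory.
    """
    host = raw.rstrip(".").lower()
    if not host or len(host) > 253:
        return FALLBACK_DIR
    if all(_LABEL.fullmatch(label) for label in host.split(".")):
        return host
    return FALLBACK_DIR


def log_path_for(raw_host: str, filename: str = "messages") -> PurePosixPath:
    """Build the log file path for a sender, confined to LOG_ROOT."""
    path = LOG_ROOT / safe_host_component(raw_host) / filename
    # Second check, independent of the regex: no parent references and
    # the root must still be an ancestor of the result.
    if ".." in path.parts or LOG_ROOT not in path.parents:
        raise ValueError(f"refusing path outside {LOG_ROOT}: {path}")
    return path


if __name__ == "__main__":
    # Constructed sample hostnames, as they might arrive from the network.
    for name in ["web01.example.com.", "192.168.1.10", "../../etc/cron.d",
                 "host;reboot", "bad\nname", "-leading.example.com"]:
        print(repr(name), "->", log_path_for(name))
```
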