[syslog-ng] Syslog-ng log file overwrite

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Mar 19 22:41:11 CET 2007


On Mon, 19 Mar 2007 18:38:30 BST, Balazs Scheidler said:

> Do you need this information for locally generated messages or messages
> that are received on a network? For local processes it should be
> possible to get the sender's credentials, at least on some of the
> platforms that syslog-ng supports. What platform are you using?

Note that as the Linux LSPP project has found out, "the sender's credentials"
is a very squishy concept indeed.  You already have an (admittedly possibly
forged) process name/number in the message.  The real gotcha is that the vast
majority of the time, you already *know* the answer to this question - if
it's sendmail, or ssh, or any one of the vast flock of daemon processes that
do the majority of logging, it's "root" or "apache" or "cups" or similar.

What you're often more interested in is "The identity of the user on whose
behalf this message was generated".  You already *know* that the message is
from CUPS - what you want to know is which user's print job bombed and caused
the message.
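
The kernel-supplied credentials discussed in this thread, as an added example (not part of the original message and not syslog-ng code): on Linux, SO_PASSCRED makes the kernel attach the sender's pid/uid/gid to each Unix-socket datagram, which a receiver can compare with the forgeable program[pid] tag. The socketpair standing in for /dev/log, the sample message and all function names are constructed for illustration.

```python
import os
import re
import socket
import struct

# Linux struct ucred: pid_t pid, uid_t uid, gid_t gid (three 32-bit integers).
UCRED = struct.Struct("iII")
# Optional <PRI>, then the sender-written "program[pid]:" tag.
TAG_RE = re.compile(rb"^(?:<\d+>)?(?P<prog>[^\[:\s]+)\[(?P<pid>\d+)\]:")

def recv_with_creds(sock, bufsize=4096):
    """Receive one datagram plus the credentials the kernel attached to it."""
    data, ancdata, _flags, _addr = sock.recvmsg(bufsize, socket.CMSG_SPACE(UCRED.size))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            pid, uid, gid = UCRED.unpack(cdata[:UCRED.size])
            return data, {"pid": pid, "uid": uid, "gid": gid}
    return data, None  # no credentials were passed

def check_message(data, creds):
    """Compare the tag claimed in the message text with the kernel's view."""
    m = TAG_RE.match(data)
    claimed_pid = int(m.group("pid")) if m else None
    return {
        "claimed_prog": m.group("prog").decode() if m else None,
        "claimed_pid": claimed_pid,
        "kernel_pid": creds["pid"] if creds else None,
        "kernel_uid": creds["uid"] if creds else None,
        "pid_matches": creds is not None and claimed_pid == creds["pid"],
    }

def demo():
    # Constructed stand-in for /dev/log: a connected pair of datagram sockets.
    receiver, sender = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        # Must be enabled on the receiving socket before the message is sent.
        receiver.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        # Constructed message with a forged tag; PID 4999999 is above the
        # Linux pid_max ceiling, so it cannot be the real sender.
        sender.send(b"<27>cupsd[4999999]: print job failed")
        return check_message(*recv_with_creds(receiver))
    finally:
        receiver.close()
        sender.close()

if __name__ == "__main__":
    print(demo())
```

The credentials identify the sending process only; they carry nothing about which user's request a daemon was handling when it logged.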