| |||||||||||||
The Journal - a proposed syslog replacementThe Journal - a proposed syslog replacementPosted Nov 19, 2011 1:03 UTC (Sat) by Wol (guest, #4433)In reply to: The Journal - a proposed syslog replacement by quotemstr Parent article: The Journal - a proposed syslog replacement
The problem with a line printer is simple, and it's the same as a simple text logfile.
If your system is spewing log entries, the "signal" - warning signs of a hack - get lost in the noise.
At least with a logfile you can grep for trouble (although really you want to do the opposite, anti-grep for stuff you know about).
But whatever you do it's a tricky problem, although I would tend to agree with another poster - just add a signed hash field to the current text format.
Cheers,
(Log in to post comments)
The Journal - a proposed syslog replacement Posted Nov 19, 2011 8:35 UTC (Sat) by PO8 (guest, #41661) [Link]
The Journal seems to require magic storage HW for the current hash. Why not just write the whole log file there? It really isn't hard in 2011 to hook a microcontroller with an SD card slot and a USB port to the host. Add some software and you've got a cheap secure append-only store that can hold 16GB. You could put a reset switch on the package so that if you were to fill it up (hing: you won't) you could clear it and start over.
You get to keep your logs as textfiles, you can search the secure copy, almost no software has to change. Seems like The Journal done right to me.
|
|||||||||||||