On Thu, Dec 17, 2009 at 4:41 PM, Ryan Malayter <malayter@gmail.com> wrote:
> On Thursday, December 17, 2009, merlin corey <merlincorey@dc949.org> wrote:
>> Many log analyzers work fine with multiple files from multiple
>> sources, at least I know analog does.  Failing that, you could write a
>> script to aggregate the logs...
>
> I think a more important use case for syslog is enabling
> tamper-resistant logs to another system. Syslog over IPSec to an
> unrelated system is a lot more confidence inspiring to security folks
> than a local text file that can be modified after a breach.
>
>
> --
> RPM
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx
>

If you want to wear that security blanket, go ahead.

If you are worried about the integrity of your logfiles, you should
implement some kind of integrity checking on every important point.
This means that even if you do push things over your favorite secure
protocol to another system you'll want to do some kind of integrity
checking there because someone could break in and tamper with the data
on the "secure" system.

Security folks know that everything breaks, so they plan for and
monitor breakages.

What's the plan for when the syslog server goes down? No logs at all then?

-- Merlin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx