Mailing List Archive

On Thu, 28 Nov 2002, Kjell Andresen wrote:

> http://www.conserver.com/FAQ didn't say anything about logging to
> or via syslog.
> I think it might be a good idea to maintain a second copy at some
> loghost in order to be able to now what's been done if or when attacked.

No answer to this one yet.

> Timestamps is also valuable in this process.
> (just to add a linw with date message every hour or so)
>
> If it's possible already it would be nice to know! (v7.2.4)

It is. It's very simple as well. Just by adding a line to conserver.cf:

TIMESTAMP=1h

gives:

==> /site/var/consoles/jeffreys.log <==
[-- MARK -- Fri Nov 29 10:00:00 2002]

==> /site/var/consoles/nox.log <==
[-- MARK -- Fri Nov 29 10:00:00 2002]

Regards,
Kjell Andresen Systems administrator, University of Oslo, Norway
Center for Information Technology Services and
Department of Geophysics

On Fri, Nov 29, 2002 at 10:20:17AM +0100, Kjell Andresen wrote:
> On Thu, 28 Nov 2002, Kjell Andresen wrote:
>
> > http://www.conserver.com/FAQ didn't say anything about logging to
> > or via syslog.
> > I think it might be a good idea to maintain a second copy at some
> > loghost in order to be able to now what's been done if or when attacked.
>
> No answer to this one yet.

nope, no current way of doing that within conserver. i suppose you
could hack something together by running conserver and piping the
output to a tool that would both log the data locally and send it
remotely (i'm think of something like a remote 'tee' command). but, i
don't have anything like that. the syslog idea is already in the TODO
file as a reminder that it would be useful...can't say when it would be
added, though.

Bryan

I hacked something similar into my version. Plus the buffers are
available via SSL and a web browser connection. 2nd there is no easy way
to destroy our log files. Yet another addition. We store our data in
Kernel memory. Not files in /var/log or anywhere else. This also
required modifications to Replay().

The answer is that with enough time you can easily add this feature.
I'm not sure I agree that Syslog is a good spot. It could get busy in
that file if you get a lot of output. But I would suggest that you use
a line read method and place the console output in there by line.

Now when it comes to general conserver messages, I log them to syslog.
I have a mechanism that any daemon output on STDOUT or STDERR magically
finds it's way into SYSLOG. This is with no modifications to any of the
code itself. We had to add this for other daemons as well.


On Sat, 2002-11-30 at 13:09, Bryan Stansell wrote:
> On Fri, Nov 29, 2002 at 10:20:17AM +0100, Kjell Andresen wrote:
> > On Thu, 28 Nov 2002, Kjell Andresen wrote:
> >
> > > http://www.conserver.com/FAQ didn't say anything about logging to
> > > or via syslog.
> > > I think it might be a good idea to maintain a second copy at some
> > > loghost in order to be able to now what's been done if or when attacked.
> >
> > No answer to this one yet.
>
> nope, no current way of doing that within conserver. i suppose you
> could hack something together by running conserver and piping the
> output to a tool that would both log the data locally and send it
> remotely (i'm think of something like a remote 'tee' command). but, i
> don't have anything like that. the syslog idea is already in the TODO
> file as a reminder that it would be useful...can't say when it would be
> added, though.
>
> Bryan
> _______________________________________________
> users mailing list
> users@conserver.com
> https://www.conserver.com/mailman/listinfo/users
>
>