1 |
Ow Mun Heng wrote: |
2 |
|
3 |
>Just wondering if anyone here has any pro/cons in using a system logger |
4 |
>such as metalog or syslog/ng on an embedded system. |
5 |
> |
6 |
> |
7 |
|
8 |
Something goes wrong, and you ask: what happened? |
9 |
Something goes right and you ask: What happened? |
10 |
|
11 |
The logs tell you. |
12 |
|
13 |
>The point here is to make it write as little as possible right? What's |
14 |
>the use of a logger (except for the obvious). |
15 |
> |
16 |
> |
17 |
|
18 |
You normaly want a logger for logging things :) |
19 |
|
20 |
Seriously, if you do firewalling or network security stuff, the logs are |
21 |
very important. In case of a breaking/whatever, the logs are your only |
22 |
evidence that it happened. |
23 |
|
24 |
A intruder will try to erase the logs, the traces that he has been there. |
25 |
|
26 |
>Though we can always direct the log files to a tmpfs directory that |
27 |
>doesn't survive reboots. |
28 |
> |
29 |
> |
30 |
|
31 |
Syslog has also a remote function. You can send the logs to a remote server. |
32 |
|
33 |
Some paranoid people send the logs to a line printer. (impossible to |
34 |
erase remotely) You can accomplish something similar with a dedicated |
35 |
computer as syslog server. connect with crossover cable and cut 2 of the |
36 |
wires. Then will the network communication be oneway (from your |
37 |
router/firewall -> logserver). This works because syslog uses UDP. |
38 |
|
39 |
>Any comments? |
40 |
> |
41 |
> |
42 |
|
43 |
Busybox has an integrated syslog. Its small and normally good enough |
44 |
(you don't need to install metalog) |
45 |
|
46 |
Somekind of logratating make you save space. I dont know if that goes |
47 |
automatically in busybox or if you need to ron logrotate from a cronjob. |
48 |
|
49 |
-- |
50 |
Natanael Copa |
51 |
|
52 |
-- |
53 |
gentoo-embedded@g.o mailing list |