Re: working on a new syslogd.

[Darren Reed <avalon () coombs anu edu au>]

In some mail from Aleph One, sie said:
> Why not work with the CORE S.A. folks that are working on ssyslog? Works
> fine around here expect for a few gotchas, like not being able to rotate
> logs without user intervention. I also wonder how broad Schneier's patent
> would be. Crypto hash chaining has been around for some time now.

My main problem with encryption of the logs is that one of the design goals
is for the messages logged to be "backward compatible" with the current
syslogd so all those scripts and other things which scan log files now do
not need to change.  I think people would be surprised just how many
packages (commercial and non) depend on that format in plain text.

As it is now, it can be dropped in to replace syslogd and provide the same
functionality.  Then when the sysadmin has time, they can migrate their
config but not have to worry about anything which depends on the logs.

Darren

p.s. someone asked about rotation - that is a job for newsyslog and isn't
something I want to integrate (was considered).  Also, again, there are
other scripts/tools which it would needlessly interfere with.