Firewall Wizards mailing list archives

RE: WORM file system for logging


From: "Marcus J. Ranum" <mjr () nfr net>
Date: Wed, 05 Aug 1998 10:31:36 -0400

As attractive as WORM drives appear, they are a pain in
the butt to use - our group had one at a distant job, and
it never got set up at all because it was such a pain to
align and configure. :( Add to that the fact that the
filesystems tend to overwrite (like a multimode CDROM)
and it doesn't work very well.

I guess the question is one of requirements. If what you
need is a tamper proof storage medium, I'd suggest a
whacked-on PC with a cut transmit lead that sucks
syslog packets straight off the wire, then bundles
the data and moves it to a CD-R every so often. (You
could build this easily with an NFR, all except the
CD-R integration which is an exercise for the reader)

You've got a problem any time that you want to pull
data off a network and commit it to a permanent log.
The logging agent or the logger could be accidentally
or deliberately DOS attacked. That might result in
data loss. Can't trust the endpoints to queue up data
because it might be corrupted, etc, etc.

Perhaps if you can tell us your requirements, we can
suggest something that'd match more closely.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
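
The bundling step of the receive-only collector described above, as an added example that is not part of the original post and not NFR code: it parses captured syslog payloads and seals them into bundles ready to be written to CD-R. The hash chain linking each bundle to the previous one is an assumption of this example, as are all function names and the constructed sample payloads.

```python
import hashlib
import json
import re

# RFC 3164 style header: "<PRI>" followed by the rest of the message.
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)

def parse_datagram(payload: bytes) -> dict:
    """Decode one captured syslog UDP payload; never raises on bad input."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:
        # Keep malformed data verbatim rather than dropping evidence.
        return {"facility": None, "severity": None,
                "raw": payload.decode("latin-1")}
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7,
            "raw": m.group(2).decode("latin-1")}

def seal_bundle(payloads, prev_digest: str) -> dict:
    """Bundle datagrams and bind the bundle to its predecessor's digest."""
    records = [parse_datagram(p) for p in payloads]
    body = json.dumps({"prev": prev_digest, "records": records},
                      sort_keys=True).encode()
    return {"prev": prev_digest, "records": records,
            "digest": hashlib.sha256(body).hexdigest()}

def verify_chain(bundles, genesis: str = "0" * 64) -> bool:
    """Recompute every digest and check each bundle links to the last."""
    prev = genesis
    for b in bundles:
        body = json.dumps({"prev": b["prev"], "records": b["records"]},
                          sort_keys=True).encode()
        if b["prev"] != prev or hashlib.sha256(body).hexdigest() != b["digest"]:
            return False
        prev = b["digest"]
    return True

# Constructed sample payloads standing in for packets taken off the wire.
SAMPLE = [b"<34>Aug  5 10:31:36 gw su: 'su root' failed for user on /dev/pts/0",
          b"<13>Aug  5 10:31:40 gw login: session opened",
          b"not a syslog line"]

if __name__ == "__main__":
    b1 = seal_bundle(SAMPLE[:2], "0" * 64)
    b2 = seal_bundle(SAMPLE[2:], b1["digest"])
    print(verify_chain([b1, b2]))
```

Verification detects an edited, reordered or missing bundle, but it cannot recover datagrams that never reached the collector.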


