Mailinglist Archive: opensuse-factory (564 mails)
Re: [opensuse-factory] Human readable, what is that? (was [12.1] massive data loss in /var/tmp/)
- From: Greg Freemyer <greg.freemyer@xxxxxxxxx>
- Date: Mon, 26 Dec 2011 15:22:05 -0500
- Message-id: <CAGpXXZJ7vvj+YtFVePqifm9onLzQoG8icsqQyM_o6DtrSYjLDA@mail.gmail.com>
On Mon, Dec 26, 2011 at 10:00 AM, Stefan Seyfried
<stefan.seyfried@xxxxxxxxxxxxxx> wrote:
2) Ability to write and read logs faster than before.

Speed is not an issue.
I've processed gigabytes of text logs quickly enough when doing forensics.
If you've really ever done real forensics, you'd probably value signed
tamper-proof log entries.

I have done the work and definitely would love signed tamper-proof logs.
I have reviewed FTP, Webserver, and SMTP logs for legal reasons. It
complicates life not knowing if those logs can be truly trusted as
really having been originated by the daemon in question.
Note that it is too late by the time the investigation starts. The
underlying logging needs to be tamper resistant from prior to the
incident under investigation.
Greg
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx