Rajko wrote:
On Wed, 01 May 2013 11:10:32 +0200 Stefan Seyfried <stefan.seyfried@googlemail.com> wrote:
With traditional logging, a few bytes of garbage in the logfile will be exactly that: a few bytes of garbage. Nobody will care. I can still extract everything.
Nobody will care only if log presence is important only to troubleshoot technical problems, but usually it will raise a flag about possibility that someone else fiddled with logs,
Not at all -- it is FAR more likely that the logging daemon didn't shut down the log properly and garbage got put there. HW & SW malfunctions are far more likely to be the cause of something than tampering. Regardless, w/text logs there is nothing preventing you from recovering the undamaged portions, but conversely, you are raising the issue of how easy it is for a hacker to cover their tracks -- just a few bytes in the log and it is corrupt and can't be recovered. You think that is better? There are no benefits of binary logs to system owners, but there is large benefit for those who want to easily cover their tracks. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org