
On Mon, Dec 26, 2011 at 10:00 AM, Stefan Seyfried <stefan.seyfried@googlemail.com> wrote:
2) Ability to write and read logs faster than before. Speed is not an issue. I've processed gigabytes of text logs quickly enough when doing forensics.
If you've really ever done real forensics, you'd probably value signed tamper-proof log entries.
I have done the work and definitely would love signed tamper-proof logs. I have reviewed FTP, Webserver, and SMTP logs for legal reasons. It complicates life not knowing if those logs can be truly trusted as really having been originated by the daemon in question. Note that it is too late by the time the investigation starts. The underlying logging needs to be tamper resistant from prior to the incident under investigation.

Greg
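
The point above, that tamper resistance has to be in place before the incident, can be shown with a forward-secure hash chain. This is an added example, not part of the original thread or of any logging daemon's code; the HMAC chain, the key-evolution step and all names (`seal`, `verify`, `tag_for`, `K0`, the sample entries) are assumptions chosen for illustration.

```python
import hashlib
import hmac

ZERO = b"\x00" * 32

def evolve(key):
    # One-way step: knowing the new key does not reveal any earlier key.
    return hashlib.sha256(b"evolve" + key).digest()

def tag_for(key, prev_tag, msg):
    # Each tag covers the previous tag, so entries are bound to their order.
    return hmac.new(key, prev_tag + msg.encode(), hashlib.sha256).digest()

def seal(messages, initial_key):
    """Logger side: returns (records, current_key); old keys are discarded."""
    key, prev, records = initial_key, ZERO, []
    for msg in messages:
        prev = tag_for(key, prev, msg)
        records.append((msg, prev.hex()))
        key = evolve(key)
    return records, key

def verify(records, initial_key):
    """Investigator side: index of the first bad record, or None if intact."""
    key, prev = initial_key, ZERO
    for i, (msg, tag_hex) in enumerate(records):
        expected = tag_for(key, prev, msg)
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return i
        key, prev = evolve(key), expected
    return None

# Constructed sample entries, not taken from any real daemon.
SAMPLE = [
    "ftpd: login ok user=alice",
    "ftpd: RETR payroll.csv user=alice",
    "ftpd: logout user=alice",
]
K0 = hashlib.sha256(b"constructed verification key, stored off-host").digest()

if __name__ == "__main__":
    records, current_key = seal(SAMPLE, K0)
    print("intact:", verify(records, K0))
    # Post-incident edit: rewrite entry 1 and re-tag it with the only key
    # still on the host. The investigator's replay from K0 rejects it.
    forged = tag_for(current_key, bytes.fromhex(records[0][1]), "ftpd: idle")
    records[1] = ("ftpd: idle", forged.hex())
    print("first bad record:", verify(records, K0))
```

Removing records from the end of the chain is not detected by this replay alone; the verifier also needs an independently recorded entry count or a periodic seal kept off-host.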