[aklug] Re: syslog-ng output to console

From: Jeremy Austin <jhaustin@gmail.com>
Date: Tue Jan 04 2011 - 05:57:00 AKST

On Mon, Jan 3, 2011 at 10:31 PM, Christopher Howard
<christopher.howard@frigidcode.com> wrote:
> In other words, by default all incoming messages are routed to console
> tty12, which you can view by pressing ctrl-alt-F12, as well as to the
> root-access-only /var/log/messages file. So it seems kind of silly to
> store all log entries in a secure messages file on disk, but then make
> them free for anyone to view by switching the virtual console 12.

If someone has access to console 12, you have worse problems to
consider than whether /var/log/messages is readable by anyone other
than root.

> In any case, I was wondering if there was a reason log messages needed
> to be dumped to console, or if I could safely comment out that part of
> the config file.

Consider this scenario. Serious I/O disruption render the system
nearly unresponsive; you can't ssh in, can't log in locally, and in
worst cases lines can't even be written to /var/log/messages. It can
be very useful forensics to check console 12 for helpful messages
before rebooting and possibly losing the logging information that will
enable you to fix what's wrong.

jermudgeon
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Jan 4 05:57:28 2011

This archive was generated by hypermail 2.1.8 : Tue Jan 04 2011 - 05:57:29 AKST