[aklug] Re: syslog-ng output to console

From: Shane R. Spencer <shane@bogomip.com>
Date: Tue Jan 04 2011 - 10:22:01 AKST

On 01/04/2011 05:57 AM, Jeremy Austin wrote:
> On Mon, Jan 3, 2011 at 10:31 PM, Christopher Howard
> <christopher.howard@frigidcode.com> wrote:
>> In other words, by default all incoming messages are routed to console
>> tty12, which you can view by pressing ctrl-alt-F12, as well as to the
>> root-access-only /var/log/messages file. So it seems kind of silly to
>> store all log entries in a secure messages file on disk, but then make
>> them free for anyone to view by switching the virtual console 12.
>
> If someone has access to console 12, you have worse problems to
> consider than whether /var/log/messages is readable by anyone other
> than root.
>
>> In any case, I was wondering if there was a reason log messages needed
>> to be dumped to console, or if I could safely comment out that part of
>> the config file.
>
> Consider this scenario. Serious I/O disruption renders the system
> nearly unresponsive; you can't ssh in, can't log in locally, and in
> worst cases lines can't even be written to /var/log/messages. It can
> be very useful forensics to check console 12 for helpful messages
> before rebooting and possibly losing the logging information that will
> enable you to fix what's wrong.
>
> jermudgeon
> ---------

I'm always concerned about blocking. If I push 100 megs of messages to syslog in a few
seconds it will end up in /var/log/messages on file P.D.Q. But will writing to the
console block that from happening while waiting for the console to return? I'm unsure if
syslog waits for the console.. I don't think it does but it means that for the next hour
my console will have 100 megs of text scrolling past it. It's just not as responsive.

Alternatively you can use screen or many other utilities to set up non-blocking and
scrollback/search aware virtual terminals on a tty which can make what you consider the
use of tty12 would be.. useful. Remember that you can't scroll back once you switch your vt.

Check out vtgrab and screen's ability to connect directly to a terminal (or be executed by
your getty) without any blocking and with the ability to connect to it remotely. Then you
can simply run tail on /var/log/messages vs modifying syslog-ng.

I've been using rsyslog a lot and I .. really .. like it.

You might want to also consider remote syslog reception on a machine that you can simply
grep through logs on without bogging down the server sending them.

- Shane
Received on Tue Jan 4 10:22:19 2011