Re: how to implement an append only log file?

From: Dale Dellutri (ddelQQQlutr_at_panQQQix.com)
Date: 11/07/04 

Date: Sun, 7 Nov 2004 14:03:44 +0000 (UTC)

On 5 Nov 2004 23:42:49 -0800, Josef Jarousse <bonzinib60@arcor.de> wrote:
> I have the following problem:
> I design a system and I would like it to trace each action the system
> does. Especially it would be important that even the programm calls
> from the admin are logged too. What I want is a log file which has an
> owner that is different from the admin (internal audit for example)
> and in which the application writes some informations about started
> modules etc.. This log file should be "append-only" so that nobody can
> delete some entries in it.
> Is there a way to implement such a log file?

If you really want to create such a log file, you would need to modify
the OpenVMS system code so that
  1. no one, not even a fully privileged user ("admin" ?), could turn
off logging (audit events?), and
  2. send the log entries to another machine which is solely
controlled by "internal audit", whoever that might be. This way, a
fully privileged user could not delete entries. Of course, there
would have to be some sort of handshake that ensures that the entries
were going to the correct logging machine, something like what ssh
does to ensure that the connectionis being made to the correct
machine.

Not easy, but I think it's doable. But it certainly requires
modification to OpenVMS system code. 

-- 
Dale Dellutri <ddelQQQlutr@panQQQix.com> (lose the Q's)

Relevant Pages

  • Re: Log File Trimming
    ... M> delete all entries older then 1 month. ... That would mean deleting ... this only works if the server reopens the file. ... have a way to trigger them to rotate a log file i.e. close the current ...
    (comp.lang.perl.misc)
  • Re: Permissions on Event Log?
    ... If I create a custom log file and fill the entire hard drive that effects ... Adding an event source affects the whole system and not that single user - ... You could have an admin install, but then the user may need to log off ...
    (microsoft.public.dotnet.security)
  • Re: LDIFDE import problem
    ... Here is the log file created from the LDIFDE attempt. ... ldap administrator which I set up, but apparently it does not have ... sufficient rights to write new entries to the ldap? ... MVP Microsoft MVP - Directory Services ...
    (microsoft.public.windows.server.active_directory)
  • Re: HA CMP Resources synchronisation failed
    ... CLUSTER VERIFY OR SYNCH FAILS WITH MSG INDICATING ... The cluster.log log file has already been redirected via ... If you wish to redirect this log again, ... Remove tabs between fields of /etc/syslog.conf file entries. ...
    (AIX-L)
  • Re: How to dynamically display entries made into a growing log file
    ... You'd gain the benefits of easy timestamping your entries, ... I have a windows service which writes into a log file periodically ... invocation should continuously display the contents of the log file. ...
    (microsoft.public.dotnet.languages.csharp)