
logging facilities
This is somewhat of a feature request, I suppose.

I want to write a sort of meta-IDS system that will use tools like PAM,
Snort, etc. as sensors.  I was thinking that the easiest way to get
info (however, not the highest-performance way) would be to just read
syslog.  However, I'm running into the problem that PAM does not really
seem to have any rules in how it logs - there's no specific defined
grammar used.  This makes it tough for parsing, and for converting to
other languages.  The solution that I see is to define error codes that
would prefix a logged message, and a defined grammar for arguments of
each message - this so that in new versions there'll be less chance of
a change that would break parsers.

Thoughts? I don't know PAM/C enough to implement that sort of change (I
don't think that I do anyway)... but it's something that I think would
benefit users of PAM :)

Thanks,
Mathew Johnston
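An example of the kind of syslog-reading sensor parser the post describes, added here as an illustration rather than code from the poster or from Linux-PAM. The sample lines are constructed in the shape pam_unix logs today, and every regex, field name and event label below is my own assumption; the point it shows is that each message shape needs its own hand-written pattern, which is exactly the fragility the post complains about.

```python
import re

# Constructed sample syslog lines in the style PAM modules emit today;
# hypothetical input, not captured from a real system.
SAMPLE_LINES = [
    "Mar  1 10:00:01 host sshd[1234]: pam_unix(sshd:auth): authentication failure; "
    "logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=alice",
    "Mar  1 10:00:02 host sshd[1234]: pam_unix(sshd:session): session opened for user alice by (uid=0)",
    "Mar  1 10:00:03 host su[2222]: pam_unix(su:auth): conversation failed",
]

# Classic BSD syslog envelope: timestamp, host, program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# module(service:type): body   -- the only structure shared by pam_* messages
PAM_RE = re.compile(r"^(?P<module>pam_\w+)\((?P<service>[^:]+):(?P<type>\w+)\): (?P<body>.*)$")
# key=value pairs; an empty value (logname=, ruser=) is legal and must be kept
KV_RE = re.compile(r"(\w+)=(\S*)")
# free-text session messages need their own pattern
SESSION_RE = re.compile(r"^session (?P<action>opened|closed) for user (?P<user>\S+)")


def parse_pam_line(line: str) -> dict:
    """Normalise one syslog line into an event dict.

    Anything the hand-written patterns do not recognise is kept as a raw
    'unknown' event so the IDS consumer never silently drops data."""
    m = SYSLOG_RE.match(line)
    if not m:
        return {"event": "unknown", "raw": line}
    ev = {"host": m["host"], "prog": m["prog"], "pid": m["pid"]}
    p = PAM_RE.match(m["msg"])
    if not p:
        ev.update(event="unknown", raw=m["msg"])
        return ev
    ev.update(module=p["module"], service=p["service"], type=p["type"])
    body = p["body"]
    if body.startswith("authentication failure;"):
        ev.update(event="auth_failure", **dict(KV_RE.findall(body)))
    elif (s := SESSION_RE.match(body)):
        ev.update(event=f"session_{s['action']}", user=s["user"])
    else:
        ev.update(event="unknown", raw=body)
    return ev
```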