Syslog via UDP for chrooted environments

Matt Warner matt at warnertechnology.com
Sat May 19 10:24:23 EST 2012


Good afternoon.

I'm new to the list, so apologies in advance if the noob in me comes
through too loudly.

From things I've read in the distant past, I have the impression that
the OpenSSH project tries to keep new features to a minimum, and there
are good security reasons to do this. That said, one feature that I
feel would be a good addition to OpenSSH is the ability to send logs
via UDP directly to a syslog server. It seems to me that the benefits
of this approach include:

  1. No need to set up /dev/log in every chroot. This is a huge plus
for anyone dealing with a large number of chrooted users or in
environments where the underlying filesystem has the "nodevices" flag
set (I have both).
  2. The logs are sent directly from the application, with no reliance
on the syslogd of the host OS. For users that have separation of
responsibilities, having logs go directly to a syslog server
maintained by a separate group is a plus since it's more difficult to
tamper with the logs.
  3. The code to add the ability to send the log messages over UDP to
a server is relatively trivial and requires only minimal changes to
the existing code. That is, it's relatively self-contained.
  4. I've written code to do this, but wanted to gauge the reaction of
the group before I attempt to submit anything.

I understand if there's no interest in adding this to the existing
OpenSSH code base, but thought I should at least pose the question.
I'm also interested to hear comments and thoughts about the pros and
cons of adding functionality like this.

Regards,

Matt
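To make the proposal concrete, here is an added example (not Matt's patch and not OpenSSH code) of what "send logs via UDP directly to a syslog server" amounts to: build a BSD-style syslog datagram with its `<PRI>` prefix and hand it to a UDP socket, so no `/dev/log` node is needed inside the chroot. The collector address, port, hostname and tag are assumptions; the message layout follows the classic RFC 3164 shape.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>

#define SYSLOG_MAX 1024   /* RFC 3164 caps a syslog packet at 1024 octets */

/* PRI = facility * 8 + severity, e.g. auth (4) + info (6) -> <38>. */
int syslog_pri(int facility, int severity)
{
    return facility * 8 + severity;
}

/* Build "<PRI>Mmm dd hh:mm:ss host tag[pid]: msg" into buf.
 * Returns the length, or -1 if it would not fit. The caller passes the
 * timestamp so the output is deterministic (and testable). */
int syslog_format(char *buf, size_t len, int facility, int severity,
                  const char *timestamp, const char *host, const char *tag,
                  int pid, const char *msg)
{
    int n = snprintf(buf, len, "<%d>%s %s %s[%d]: %s",
                     syslog_pri(facility, severity), timestamp, host, tag, pid, msg);
    if (n < 0 || (size_t)n >= len || n > SYSLOG_MAX)
        return -1;
    return n;
}

/* Send one preformatted datagram to collector_ip:port over UDP, bypassing
 * the host syslogd and /dev/log entirely. Returns bytes sent or -1.
 * UDP is fire-and-forget: delivery is not confirmed and the source address
 * is unauthenticated, so the collector should restrict who may send to it. */
int syslog_send_udp(const char *collector_ip, int port, const char *pkt, int pktlen)
{
    struct sockaddr_in dst;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_port = htons((unsigned short)port);
    if (inet_pton(AF_INET, collector_ip, &dst.sin_addr) != 1) {
        close(fd);
        return -1;
    }
    int sent = (int)sendto(fd, pkt, (size_t)pktlen, 0,
                           (struct sockaddr *)&dst, sizeof dst);
    close(fd);
    return sent;
}
```

A caller would format once per log line and call `syslog_send_udp("192.0.2.10", 514, buf, n)` (constructed collector address); because the socket is created inside the chroot without touching the filesystem, the "nodevices" mount flag is irrelevant.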


More information about the openssh-unix-dev mailing list