[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] No time stamps in audit.log?



On 09/03/2014 08:16 PM, Carlos E. R. wrote:
> And, when apparmour starts logging a , it slows down the processes it is
> watching, I believe. The processes can not go ahead faster than those
> events are written, they have to wait - so everything crawls. Thus
> writing those events fast is important. This is a guess, I haven't
> verified it, but an educated guess.

I've worked in those settings and yes it matters!
Our great hate was the old DEC stuff that sent multi line "status" and
"completion" announcements -- I can't call them nice neat syslogs or
records such as we are discussing in this thread -- with lots of junk,
rather than the stripped down raw data.  Just stuffing all that in the
database was a PIG.

Well those old machines were slow compared to a modern intel server.
Archaic accounting software that *had* to be supported since the
brokerage firm wouldn't let go.  Heck, one keen programmer coded up a
replacement in perl.  It was faster!  Mind you, a shell script would be
faster!  But noooooo, they wouldn't let go.   We hated that machine.
Even the poor guy who, in a  weak moment, admitted he had once, long
ago, syadmin'd them and so got lumped with doing it again in
there-and-now hated them.  Career limiting move, that, poor guy.
*WE* wanted to turn off the logging since it was slowing down the log
database parser, but noooooo.

I don't know what happened in the end.  I transferred, the guys that
installed and ran it transferred ...  I suspect that poor sysadmin found
another job elsewhere.

Of course to the people in Mahogany Row who bought out that brokerage
firm such implementation and operation details never matter.  Right
until they get to the point where they have no sysadmin and it falls
over.   They never really figure "Operational Risk" in that sense, do they?





-- 
helicopter (n): 30,000 parts in tight orbit around a hydraulic fluid
leak, waiting for metal fatigue to set in.
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx