Log service security

Various security measures apply to logging.

Separate log services

Each service generally has its own dedicated logging service, writing to its own dedicated logging area. (A few services, usually a group of strongly related or tightly coupled ones, share a single dedicated logging service among them.)

Dedicated log user accounts

All logging service bundles have a dedicated user account associated with them. These accounts are created by installing the "bundles" package. (They are not destroyed by deinstalling that package, because deinstallation, being possibly a prelude to reinstallation, does not remove log files.)

Reliable log rotation

This applies to cyclog and to many of the alternatives one can use in place of it.

Because the program writing the log files is the same program that does the log rotation, it knows exactly when to perform rotation. There are no windows of opportunity to fill the log storage volume up before the next scheduled rotation, as in older architectures. Rotations are not scheduled at all; they are triggered by the writer knowing that it would otherwise be about to exceed a size limit. The size caps on log files and on total log directory size are reliable. One can budget space on a log storage disc, by totalling up maximum configured log sizes, with confidence.

Nor does log rotation trigger one of the well-known problems with GNU tail and BSD tail. (If a log file is truncated and then quickly written to, neither tail will output all log data.) The log file writer never truncates, or indeed modifies, log files once it has written them up to the size limit. Rather, it switches in a new file, with a fresh i-node.

Indeed, log files are only ever written to in strictly sequential, append-only, fashion. These behaviours can be relied upon if one wants to place log directories on storage devices that don't like it when one overwrites the same file(s) in place over and over.

(GNU tail and BSD tail have more than one problem, though. For avoiding the other problems, one has to use something like follow-log-directories which actually knows that it is looking at a log directory, rather than only knowing to look at a single file.)
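
The rotation behaviour described in this section, as an added Python example (it is not cyclog's code and not part of the original page): the writer checks the per-file cap before every append, switches in a new file rather than truncating, and prunes the oldest files so that the directory total stays under its cap. The class name CappedLogDir, the file names "current" and "old.<n>", and the cap values are assumptions made for the illustration.

```python
import os

class CappedLogDir:
    """Self-rotating writer: the size check happens before every append."""

    def __init__(self, path, max_file_bytes, max_total_bytes):
        self.path, self.max_file, self.max_total = path, max_file_bytes, max_total_bytes
        os.makedirs(path, exist_ok=True)
        self.seq = max((int(n[4:]) for n in self.archived()), default=0)
        self._open_current()

    def archived(self):
        # Constructed naming scheme: finished files are "old.<n>", oldest first.
        return sorted((n for n in os.listdir(self.path) if n.startswith("old.")),
                      key=lambda n: int(n[4:]))

    def _open_current(self):
        # O_APPEND only: existing bytes are never truncated or rewritten.
        self.fd = os.open(os.path.join(self.path, "current"),
                          os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o640)
        self.size = os.fstat(self.fd).st_size

    def _rotate(self):
        os.fsync(self.fd)
        os.close(self.fd)
        self.seq += 1
        # The full file keeps its i-node under a new name; "current" is recreated.
        os.rename(os.path.join(self.path, "current"),
                  os.path.join(self.path, "old.%d" % self.seq))
        self._open_current()
        # Drop oldest files until archive + one full "current" fits the directory cap.
        names = self.archived()
        total = sum(os.path.getsize(os.path.join(self.path, n)) for n in names)
        while names and total + self.max_file > self.max_total:
            victim = os.path.join(self.path, names.pop(0))
            total -= os.path.getsize(victim)
            os.unlink(victim)

    def write(self, record):
        if len(record) > self.max_file:
            raise ValueError("record larger than the per-file cap")
        if self.size + len(record) > self.max_file:
            self._rotate()  # triggered by the writer, not by a schedule
        os.write(self.fd, record)
        self.size += len(record)

    def total_bytes(self):
        return sum(os.path.getsize(os.path.join(self.path, n))
                   for n in os.listdir(self.path))
```

Because pruning reserves room for one full "current" file, the directory never exceeds max_total_bytes at any point between writes, which is what makes budgeting by summing configured maxima safe.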

Compatibility services

Services that provide compatibility with the old "syslog" mechanism comprise a "main" log reading service and a "log" writer service, and possess several security measures.

There are some problems that are, however, inherent in the nature of log services that listen to the world, or even locally, receiving all messages sent to a particular socket endpoint to which multiple clients can connect.