Slashdot Mirror


EFF's Logfinder

clonebarkins writes "EFF has just released a new software tool called "logfinder" to help server admins find (and delete) unnecessary log files on their boxen. "By finding unwanted log files, logfinder informs system administrators when their servers are collecting personal data and gives them the opportunity to turn logging off if it isn't gathering information necessary for administering the system.""

2 of 169 comments

  1. interesting... by Spider[DAC] · Score: 5, Informative

    Actually, it uses lsof and a few other niceties to locate open files that change over time, then scans them for presence of time/date stamps, mail addresses or other "log" activity.

    So, no, it's not just "locate log" that someone suggested, nor is it "find /var/log" either, but a bit more complex.

    As for the comment about competent site-admin. This is a bit more than that too, it's also about users and active software, people's IRC logs, various ftp clients that clobber up and log passwords along with everything else in their config dir. And so on and so forth.

    --
    I didn't do this, now did I?
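
The approach the comment above describes (list open files with lsof, then scan their contents for timestamps and mail addresses), sketched as an added example; it is not logfinder's code or the commenter's. The `lsof -F patn` sample, the file names and contents, the regexes and the 0.5 threshold are all constructed assumptions.

```python
import re

# Constructed `lsof -F patn` output: p=pid, f=fd, a=access mode, t=type, n=name.
SAMPLE_LSOF = (
    "p812\nf3\naw\ntREG\nn/var/log/maillog\nf4\nar\ntREG\nn/etc/passwd\n"
    "p2290\nf5\nau\ntREG\nn/home/alice/.irc/chat.log\nf6\nau\ntIPv4\nn*:25\n"
)
# Constructed file contents for the content scan.
SAMPLE_MAILLOG = (
    "Oct  3 14:02:11 mx1 postfix/smtp[812]: to=<bob@example.org>, relay=192.0.2.10\n"
    "Oct  3 14:02:15 mx1 postfix/smtp[812]: to=<carol@example.net>, relay=192.0.2.10\n"
)
SAMPLE_RC = "alias ll='ls -l'\nexport EDITOR=vi\n"

# Timestamp shapes common in logs: syslog, ISO 8601, Apache common log format.
TIMESTAMP = re.compile(
    r"\b[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}\b"
    r"|\b\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}"
    r"|\[\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2}"
)
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def writable_regular_files(lsof_fields):
    """Return names of regular files that some process holds open for writing."""
    names, cur = set(), {}
    for line in lsof_fields.splitlines() + ["f"]:  # sentinel flushes the last file set
        if not line:
            continue
        key, val = line[0], line[1:]
        if key in "pf":  # a new process or file set starts: judge the previous one
            if cur.get("t") == "REG" and cur.get("a") in ("w", "u") and "n" in cur:
                names.add(cur["n"])
            cur = {}
        else:
            cur[key] = val
    return sorted(names)

def scan(text, min_ratio=0.5):
    """Call text log-like if enough lines are timestamped; count personal data in it."""
    lines = [l for l in text.splitlines() if l.strip()]
    stamped = sum(1 for l in lines if TIMESTAMP.search(l))
    return {"log_like": bool(lines) and stamped / len(lines) >= min_ratio,
            "emails": len(EMAIL.findall(text)), "ipv4": len(IPV4.findall(text))}

if __name__ == "__main__":
    print(writable_regular_files(SAMPLE_LSOF))
    print(scan(SAMPLE_MAILLOG), scan(SAMPLE_RC))
```
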
  2. Re:I appreciate the effort but... by EnronHaliburton2004 · Score: 4, Informative

    Admittedly NT logfiles are slightly more organised than *nix logfiles. Most will at least be under c:\Windows\system rather than spread over /etc /var /usr /root /usr/X11 and even (I kid you not) /bin. The rather haphazard way different programs save their files about *nix systems can be a headache sometimes. It would be nice if someone would standardise the process.

    I don't think you understand *nix logging, or you've been working with poorly-designed systems.

    Locations for log files have been pretty well standardized by POSIX and the LSB. Logs generally go in /var/log (or /var/adm on older systems), or in $APPLICATION_ROOT/log. A sysadmin might write a log to /var or /root, but those are temporary logs.

    Logfiles which end up in /etc, /bin, /usr or /usr/X11 are the result of poor or very old configuration.

    Now, compare this to a Windows 2003 Server running Exchange 2003, where the log files are in c:\windows, c:\Windows\system, c:\Windows\system\Logfiles, c:\Windows\system\security, C:\Program Files\Exchsrvr\, C:\Program Files\Exchsrvr\MDBDATA and C:\Program Files\Exchsrvr\mtdata. Many of the logfiles are not viewable with a text viewer. Some of the log files really aren't "Log files", but are "Transaction Logs", which is a different thing in my book.

    Some of this makes sense, some of this does not. But I'm not a Windows admin, and I didn't design this network here, so maybe this is the result of a poor configuration.