[Sudoscript-devel] Re: merge fifo

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I've released 2.0.0alpha today. It's available at 
http://www.egbok.com/sudoscript

The buffer problem is due to script(1). On Linux, you can issue a 'script 
-f' to
get it to flush its output. That doesn't work on any of the other 
architectures, however.
I'm seeing different behavior with my code. I get timestamps in a cluster 
when the
buffer flushes, but not the exit time. Perhaps you are doing very short 
sessions?

Regarding syslog, I do syslog daemon events, but not all that script(1) 
data.
There are two reasons for this in my mind. First, script(1) output looks
pretty garbled without post-processing,  which could be annoying to an admin
wanting to read the log for some other reason. (I know it would annoy me 8).
Second, the quantity of data logged is way, way more than a typical program
using syslog would produce. I handle this flood of data by turning over my
log files as needed, trading of longevity of the logs for keeping
log partitions free. That's a good trade-off purely in terms of sudoscript,
but not necessarily for other data that could be syslogged. If syslog.conf
pointed sudoscript output to /var/log/secure, for instance, then THAT file
would turn over quickly, possibly flushing lots of important data that had
nothing to do with sudoscript. Finally, I'd really hate to see someone use
syslog to push this stuff over a network to a remote logging host. Not only
would it burn bandwidth, but by-definition sensitive data would go across 
the
wire in the clear.

I'm grateful for your ideas and feedback, Tommy, but I'd really appreciate
it if you subscribed to the sudoscript-devel list. Postings there are 
archived
so that others can come up to speed, or search them for a particular topic. 
It's
pretty low-volume, so you won't get flooded with extraneous stuff.
I've CCd the list on this message.

--On Tuesday, May 21, 2002 03:41:03 PM -0500 Tommy Smith <ts...@ea...> 
wrote:

> Howard;
>
> just at quick glance, the date time stamps on the merge-fifo are still
> going to be inacurate & just reflecting the time of buffer flush. is
> there a way to have the fifos operate with a very short buffer so the
> datetime stamps are more meaningful? last I checked the entire session
> was coded with the datetimestamp of when 'exit' occurred , or, more
> precisely, when script handed off the FIFO. seems like the structure you
> have drawn is already creating session instances but just logging to the
> merge fifo. some folks might say it should log to a syslog facility.
> looks pretty complex though.
>
> ..
> ?
> -TS
>

Howard Owen                      "Even if you are on the right
EGBOK Consultants                 track, you'll get run over if you
hb...@eg...    +1-650-339-5733  just sit there." - Will Rogers