lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120206190206.GA8068@logfs.org>
Date:	Mon, 6 Feb 2012 14:02:06 -0500
From:	Jörn Engel <joern@...fs.org>
To:	linux-kernel@...r.kernel.org
Cc:	Joel Becker <jlbec@...lplan.org>
Subject: Announce: cancd 0.2.0 netconsole capture server

Quoting Documentation/networking/netconsole.txt:
	The remote host can run either 'netcat -u -l -p <port>',
	'nc -l -u <port>' or syslogd.

Now, both of these options have their issues.  Netcat works fine, but
only reasonably scales to 1.  Having to use a seperate port for every
test machine, as well as a seperate netcat process that writes to a
proper file becomes a bit of a nightmare by the time you approach
three digits of machines.

Syslogd would be great, if netconsole actually spoke syslog protocol.
As it is netconsole speaks a protocol I would describe as "7bit ascii,
no nonsense".  Syslog protocal is described in rfc5424, a 38-page
document.  I think it is fair to say the two are incompatibel.  In
case someone actually wants to see the full trainwreck, a quick search
should come up with enough bug reports to scare your children into
bed.

Given that sad state of things, here is yet another alternative:
http://git.kernel.org/?p=linux/kernel/git/joern/cancd.git

It is far from perfect.  Bases on cancd 0.1.0, written by Joel Becker,
it is completely incompatible to the older version.  I decided to just
bang on the code long enough until it happened to do what I wanted.
No thought went into preserving previous functionality that I didn't
want to use.  No thought went into making functionality I did actually
want optional.  So unless your taste and requirements closely match
mine, you will have to invest some work.

The good new is that you have the source and can do it, just like I
did it.  If you send me patches that keep things working for me, I
will be happy to merge them.  If someone else wants to become
maintainer, great!  Less work for me.

Also beware that I changed the code, but not the documentation.  Oh,
Joel also disagrees with a number of the changes I made.  A better
programmer with more time could have kept 0.1.0 and 0.2.0 compatible.
I didn't, sorry.

Jörn

PS: Since there is no documentation, here is a quick overview.

Invocations: cancd -p <port> -l <log_dir>

Cancd will take any messages thrown at that port, prepend a timestamp
to each line and write them out to a logfile matching the "machine".
Initially, the logfile will be the IP address of the source host.  If
that IP has a matching reverse DNS entry, the logfile will be "foo"
for "foo.example.org".  If you have two seperate machines
foo.a.example.org and foo.b.example.org, they will use the same
logfile.

Best used in combination with logrotate, for obvious reasons.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ