[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

RE: Proposal: Inhibit "console down"

Morris, Adam Adam.Morris@providence.org
Fri, 7 Sep 2007 11:59:07 -0700 (PDT)

	As someone who doesn't often contribute to conserver, my opinion is worth as much as you are willing to pay for it.  If it's more than 4 cents then you're paying too much (and given that I'm British and the exchange rate is lousy for you, you're probably already paying too much)...
	STOP LOGGING: I can understand circumstances where you might not want to log some information, but I would suggest that if you can stop and start logging then the command should ideally prompt you for a reason, and then log a note saying something like "John stopped logging on 7th November 2006 at 12:00:03.  Stated reason 'I hate being snooped on'".  (Feel free to mangle the format to your own desires...)  Basically you want to know who, when and what reason they gave.  You can then chase them down later if you have questions.  Sure this doesn't provide ideal auditing, but at least it records what happened and why.  It would also be good if this was a per session setting.  i.e. you disconnect without remembering to turn logging back on, it gets turned back on automatically.
	DOWN PORT: Again I can see why you might want to down a port.  It would again be nice if the same information was logged though.  Who, When, What and Why.  If you look at the log file and see "Jasmine downed port 17 as it was spewing data" then you don't need to up it to find out why it was downed.
	It would also be good if these commands could be limited to sets of users.  i.e. You let the administrators up/down ports and stop logging, but you don't let end users do it.  While this adds some complexity it does so in order to provide for flexibility.  The security conscious administrator might not want anyone to be able to run those commands, while in an open environment they might be allowed for anybody.
	Just my 2p.

This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message.