can i delete syslogd, klogd?

lmmix · 03-09-2005, 02:10 PM

Hi,

usually, i don't read log file(/var/log/*), but in aptitude, it marked as "Priority: important".
i don't see it's usage.

i just worry about writing useless log file that hurt my HDD,

can i delete it?

Thanks for reading.

acid_kewpie · 03-09-2005, 02:57 PM

it marked what?

TruckStuff · 03-09-2005, 06:09 PM

Ehhh.. I've never seen a "useless" log file, but that's just me.

At any rate, you shouldn't touch those processes. In all likelyhood you will break and/or severly cripple your system. Not a good way to end the day.

lmmix · 03-10-2005, 07:50 AM

hmm your reply trigger my curiosity.
ok i will give it a try. see how it going without syslogd, klogd.

--
PS: well, after rebooting, nothing failed, more noiseless

Quote:

xxx@debian:~$ su
Password:
debian:/home/xxx# aptitude
(Reading database ... xxx files and directories currently installed.)
Removing klogd ...
Stopping kernel log daemon: klogd.
Purging configuration files for klogd ...
Removing sysklogd ...
Stopping system log daemon: syslogd.
Purging configuration files for sysklogd ...
Press return to continue.

PPS: keeping update or know everything about the software/hardware make log file useless.
PPPS: oh my computer isn't server or something.

Capt_Caveman · 03-10-2005, 08:11 AM

IMO, that is a real mistake. Your logs are basically your eyes and ears when it comes to security. You should be reviewing them on a regular basis in order to spot the kind of anomalies that can be an indicator of someone attempting to break into your system. They're also critical for diagnosis hardware and software problems. If you find reading them to be overwhelming, try using something like logwatch to mail you summaries of important log events. But completely removing your logging mechanisms is a big mistake. Plus the disk activity required for logging is nothing compared to the usage of swap or /tmp. If your log files are just getting overly large, use logrotate.

lmmix · 03-10-2005, 08:15 AM

i hate logrotate-cron-anacron. don't ask me why.

unless owned or used by nasty ppl, i am fine with non-log-daemon system.
--
cat /dev/null > /var/log/*

PS: honestly, i never ever have seen the log files, and i will do so. When there is hardware/software problems, always i can figured it out.

PPS: i knew ssh or similar server style apps(*almost* them with the help of aptitude), like i said my computer is "public personal", and it ain't for the server. and guess what? did i installed "ssh"??

PPPS: now these days.., big brother laughing at astaro

Capt_Caveman · 03-10-2005, 08:24 AM

The point is to be able to spot break-in attempts or the information gathering before a compromise occurs. A good example is the sshbruteforce tool. Someone could try username/password combos 24-7 and you wouldn't have the slightest idea.

TruckStuff · 03-10-2005, 08:51 AM

Quote:

Originally posted by lmmix
unless owned or used by nasty ppl, i am fine with non-log-daemon system.

How in the world would you know if you got owned if you don't have any logging facility?? If you don't want to read logs, use windows.

lmmix · 03-10-2005, 04:00 PM

always, there is another way to do something, open your eyes.

--

TruckStuff · 03-10-2005, 05:12 PM

I'd prefer to do it the easy way rather than stitching my eyes shut completely.