/var/log

stickman · 08-10-2004, 04:09 PM

The ksyms logfiles are not created by syslog, but by rc.sysinit as I suggested. Not all files in /var/log are created by syslog. It's a generic log location. If you look in rc.sysinit for ksyms, you'll see where the logfiles are rotated with a simple while loop and the new one is created. Also, what do you consider to be arbitrary about the ksyms manpage? It appears to work as advertised.

Obie · 08-10-2004, 04:15 PM

stickman,

I though the rc.sysinit would start the software that logs ksyms.0, etc. As for my comment on it being arbitrary, I think I should have used the word vague. In a gist, it only seems to come across to me as kernel messaging and if so for what reason?

stickman · 08-10-2004, 04:20 PM

There is no software behind ksyms other than the kernel (ie module insertion and removal). The logfiles are created with a simple cat command.

Obie · 08-10-2004, 04:30 PM

stickman,

Thanks. How does ksyms help with security and why log it?

stickman · 08-11-2004, 08:00 AM

ksyms basically tells you what kernel symbols exists and where they are. Typically this should be static from day to day unless you are making adjustments to your kernel or the modules that get loaded. You might want to start looking at your system if you suddenly have new symbols.

Obie · 08-11-2004, 04:04 PM

stickman,

Thank you.