ovis
Need to log failed connections on listening daemon
LDMSD should log failed attempts to connect due to auth failure at ERROR or maybe WARNING level. Administrators should be able to tell when daemons are under attack if they want to be told.
If there's a strong feeling that the log level should be tunable, add an option -a fail=LEVEL.
We had a question about this when working through the tutorial. Was this in previously? Or possibly taken out to keep an attacker from filling up the log?
Attackers have numerous ways to fill up a log without ldmsd. But if that's a concern, then making the log level of auth failures selectable should address it. On most shared systems, all auth failures are logged as part of NIST-recommended security practices.
Yes, just trying to get the background on the development of this, since this had existed previously.
Is there general consensus that we should convert our logging from 'level' to a bit mask with a bit for each type of error?
If we're doing a log green-field, that would be a v5-ish thing to do, right? Every plugin would have to be rewritten.
If doing from scratch, I'd probably start with a look at log4c rather than fooling with bitmasks.
Folks may have seen other solutions; I'm not particularly enamored of log4c's choice of XML instead of something human-composable (unless they also have a handy editor for generating the XML). Also need at some point the ability to add syslog level tags to selected messages; lots of big machines are still managed off syslog and Splunk.