You want to record activity and/or errors in your program for later review.
On Unix systems,
syslog is the system audit
logging facility. Windows also has its own built-in facility for
audit logging that differs significantly from
syslog on Unix.
syslog( ) function is susceptible to a format
string attack if used improperly. See Recipe 3.2 for more
We cannot overstate the importance of audit logging for security and, more importantly, for forensics. Unfortunately, most existing logging infrastructures severely lack any kind of security. It is generally trivial for attackers to cover their tracks by modifying or deleting any logs that would betray their presence or indicate how they managed to infiltrate your system. A number of things can be done to raise the bar, making it much more difficult for the would-be attacker to invalidate your logs. (We acknowledge, however, that no solution is perfect.)
One such possibility involves logging to
a network server that is dedicated to storing
the logs of other machines on the network. The Unix
utility provides a simple interface for
configuring logging to a network server instead of writing the log
files on the local system, but the system administrator must do the
configuration. Configuration cannot be done programmatically by
individual programs using the service to make log entries.
If the server that is responsible ...