Page created: 15 Jul 2022 |
Page updated: 20 Jan 2023
One simple option for centralizing log content is to have the server log to a shared filesystem.
This is the simplest option, but it only addresses some of the issues outlined previously. While a shared filesystem reduces the need for access to the instance filesystem, it does not necessarily help prevent attackers from altering the files. If attackers gain access to the underlying system and that system has access to files from other instances, they might be able to cause greater disruption than if the content had been kept local to each instance.