system identification in utx database?

Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Wed Oct 22 19:10:57 UTC 2014


Anton Shterenlikht <mexas at bris.ac.uk> writes:

> Is there any information in a utx(8) database (log)
> that allows one to identify the system where
> that database was recorded? I cannot find any.

You're right; there isn't any.

> I need to preserve the utx access logs from several
> FreeBSD boxes. If I copy the logs to another box,
> or just print, I lose the information about the
> system where these logs came from.
> This is because this information does not
> seem to be present in the logs themselves.
> So I have to add some manual database identification,
> which might cast doubt on the database authenticity
> or integrity, if I even need to rely on such databases,
> e.g. in court.

That doesn't make sense.  The file contents aren't any more secure from
modification than is the file metadata. I'd recommend determining
standard practice for your type of business, and following that. It may
be a good idea to obtain professional legal advice if legal weight is a
real concern.

> So, I wonder if there is some system identification
> information written to utx database that I'm not
> familiar with.
>
> I also have auditing enabled, but I'm still
> learning it, and don't want to lose the
> simplicity of utx.

Again, you don't have any guarantees of integrity. You might be able to
put a technical solution together with cryptographic signatures, but you
need to figure out what your real requirements are first.


