The event monitor reads from syslog and other log files to learn about events to notify the user about.
Some of these events could include useful information, e.g.:
- tlsguard rejected site abc.example.org because of x509 validation error.
- fw-daemon denied connection to example.org
However, privacy-sensitive users may not want some or all of this information persisted to disk, which it would be if written to syslog without any consideration. Ideas for achieving the objectives of real-time notification and providing an opportunity for future forensic investigation while not undermining privacy:
- a distinct logger target for real-time notification only
- safer persistence by encrypting event log entries using a public key, with the private key kept offline
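
The second idea above, encrypting persisted entries to a public key whose private half is kept offline, could look like the following. This is an added example, not code from the project. The choice of X25519 with AES-256-GCM, the record layout and the names `SealEntry`, `OpenEntry` and `entryKey` are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// entryKey (illustrative helper) keys AES-256-GCM with SHA-256(secret || ephPub || rcptPub).
func entryKey(shared, ephPub, rcptPub []byte) cipher.AEAD {
	key := sha256.Sum256(append(append(shared, ephPub...), rcptPub...))
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is always 32 bytes
	aead, _ := cipher.NewGCM(block)   // key is used for one entry, so a zero nonce is safe
	return aead
}

// SealEntry needs only the public key. Output: ephemeral pub (32 bytes) || ciphertext || tag.
func SealEntry(rcpt *ecdh.PublicKey, line []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader) // fresh key pair per entry
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(rcpt)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	return entryKey(shared, ephPub, rcpt.Bytes()).Seal(ephPub, make([]byte, 12), line, nil), nil
}

// OpenEntry runs offline with the private key; a modified entry fails the GCM tag check.
func OpenEntry(priv *ecdh.PrivateKey, rec []byte) ([]byte, error) {
	if len(rec) < 32 {
		return nil, fmt.Errorf("sealed entry too short: %d bytes", len(rec))
	}
	ephPub, _ := ecdh.X25519().NewPublicKey(rec[:32]) // cannot fail: length is 32
	shared, err := priv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	return entryKey(shared, rec[:32], priv.PublicKey().Bytes()).Open(nil, make([]byte, 12), rec[32:], nil)
}

func main() {
	priv, _ := ecdh.X25519().GenerateKey(rand.Reader) // constructed demo key; real one stays offline
	fmt.Println(SealEntry(priv.PublicKey(), []byte("fw-daemon denied connection to example.org")))
}
```

The sealed record is binary, so a line-oriented log would store it base64- or hex-encoded. Because the ephemeral private key is discarded after each call, the logging host cannot decrypt entries it has already written.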