LinuxSA Mailing list archives
From: Alain Satre <alain@messagebay.com>
To: Daryl Tester <Daryl.Tester@iocane.com.au>
Date: Wed, 14 Feb 2001 10:53:51 -0800
Re: Syslog remote logging
Ok... This looks like it works fine. I appreciate the help!
One more task I failed to ask about is to separate the log files into
specific files per server. I.e., I have 10 hosts, logging to a central server,
I would like to see the files individually. Does syslog facilitate this in
any way? Or will I have to script it out by the host name with a tail of the
large syslog files? In general I would like to have a separate directory
keeping a copy of all logs per server. This will be for security auditing.
We need to have specifics when we contact law enforcement due to break-ins.
Without an un-corrupted log file it's hard to get them to realize the truth of
the situation. Anything written is 100X better than spoken.
Thanks for the help!
Alain-
Daryl Tester wrote:
> Alain Satre wrote:
>
> > What about specifying the line twice?
> > i.e.
> > mail.info /var/log/maillog
> > mail.info @syslog.server
>
> This works.
>
> > I would hope that doesn't allow untrusted hosts to send
> > syslog data to your host?
>
> It does, and is a known issue.
>
> > Is there a way to allow certain IPs? or just all or nothing?
>
> Use ipchains (or whatever is appropriate for your kernel revision)
> to narrow down the IP range that syslog can accept (if you need
> to know the port, look in /etc/services). Note that if someone
> can guess the IP address(es) that you are monitoring, then they can
> easily forge packets that will circumvent your filtering rule.
> This, too, is a known issue.
>
> --
> Regards,
> Daryl Tester, Software Wrangler and Bit Herder, IOCANE Pty. Ltd.
>
> "You shouldn't mix meditation with management. The mind gets too empty."
> -- Dilbert
--
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
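
The per-host split asked about in this message, as an added example that is not part of the original thread: it reads a combined log and appends each line to its own directory per host. It assumes the traditional "Mon DD HH:MM:SS host ..." line format; the names `host_of`, `split_by_host` and the `_unparsed` directory are hypothetical, and the host field is validated before use as a path because the thread notes that forged packets can reach the collector.

```python
import re
import tempfile
from pathlib import Path

# Traditional syslog file line: "Feb 14 10:53:51 host tag[pid]: message"
LINE_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")
# Accept only hostname / IPv4 characters; the field becomes a directory name.
SAFE_HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")
UNPARSED = "_unparsed"  # assumed name for the catch-all directory
SAMPLE = [  # constructed sample of a combined log, not taken from the thread
    "Feb 14 10:53:51 web01 sshd[412]: Failed password for root from 192.0.2.7\n",
    "Feb 14 10:53:52 mail01 sendmail[88]: starting daemon\n",
    "Feb  4 10:53:53 WEB01 kernel: eth0: link up\n",
    "Feb 14 10:53:54 ../../tmp/x forged[1]: host field is not a hostname\n",
    "last message repeated 3 times\n",
]

def host_of(line):
    """Return a directory-safe host name for one log line, or UNPARSED."""
    m = LINE_RE.match(line)
    if not m:
        return UNPARSED
    host = m.group(1).lower()
    if not SAFE_HOST_RE.fullmatch(host) or ".." in host:
        return UNPARSED  # never let the host field steer the output path
    return host

def split_by_host(lines, out_dir, log_name="messages"):
    """Append each line to out_dir/<host>/<log_name>; return lines per host."""
    counts, handles = {}, {}
    try:
        for line in lines:
            host = host_of(line)
            if host not in handles:
                host_dir = Path(out_dir) / host
                host_dir.mkdir(parents=True, exist_ok=True)
                handles[host] = open(host_dir / log_name, "a", encoding="utf-8")
            handles[host].write(line)
            counts[host] = counts.get(host, 0) + 1
    finally:
        for fh in handles.values():
            fh.close()
    return counts

def run_demo():
    """Split SAMPLE into a temporary directory; return counts and dir names."""
    with tempfile.TemporaryDirectory() as tmp:
        counts = split_by_host(SAMPLE, tmp)
        dirs = sorted(p.name for p in Path(tmp).iterdir())
    return counts, dirs
```

Lines that do not parse, or whose host field is not a plain hostname or address, are kept in `_unparsed` rather than dropped, so the copy stays complete for auditing.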