Syslog remote logging
Daryl.Tester at iocane.com.au
Wed Feb 14 12:29:52 CST 2001
Alain Satre wrote:
> What about specifying the line twice?
> mail.info /var/log/maillog
> mail.info @syslog.server
> I would hope that doesnt allow untrsted hosts to send
> syslog data to your host?
It does, and is a known issue.
> Is there a way to allow certain ip's? or just all or nothing?
Use ipchains (or whatever is appropriate for your kernel revision)
to narrow down the IP range that syslog can accept (if you need
to know the port, look in /etc/services). Note that if someone
can guess the IP address(es) that you are monitoring, then they can
easily forge packets that will circumvent your filtering rule.
This, too, is a known issue.
Daryl Tester, Software Wrangler and Bit Herder, IOCANE Pty. Ltd.
"You shouldn't mix meditation with management. The mind gets too empty."
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
mail linuxsa-request at linuxsa.org.au with "unsubscribe" as the subject
More information about the linuxsa