Syslog remote logging

Daryl Tester Daryl.Tester at iocane.com.au
Wed Feb 14 12:29:52 CST 2001


Alain Satre wrote:

> What about specifying the line twice?
> i.e.
> mail.info        /var/log/maillog
> mail.info       @syslog.server

This works.

> I would hope that doesn't allow untrusted hosts to send
> syslog data to your host?

It does, and is a known issue.

> Is there a way to allow certain IPs? Or just all or nothing?

Use ipchains (or whatever is appropriate for your kernel revision)
to narrow down the IP range that syslog can accept (if you need
to know the port, look in /etc/services).  Note that if someone
can guess the IP address(es) that you are monitoring, then they can
easily forge packets that will circumvent your filtering rule.
This, too, is a known issue.


-- 
Regards,
  Daryl Tester,  Software Wrangler and Bit Herder, IOCANE Pty. Ltd.

"You shouldn't mix meditation with management.  The mind gets too empty."
  -- Dilbert
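
An added example, not part of the original post: a shell sketch of the filtering described above. It reads the syslog UDP port from a services(5)-format file and prints ipchains rules that accept syslog datagrams only from listed sources. The function names and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added illustration (not from the original post). Prints ipchains rules
# restricting inbound syslog/udp to an allowlist; nothing is executed.
# As the post notes, UDP source addresses can be forged, so these rules
# narrow exposure but do not authenticate senders.

# Look up the UDP port of the "syslog" service in a services(5)-format file.
syslog_port() {
    services_file=${1:-/etc/services}
    awk '$1 == "syslog" && $2 ~ /\/udp$/ {
             sub(/\/udp$/, "", $2); print $2; exit
         }' "$services_file"
}

# usage: syslog_rules SERVICES_FILE SOURCE...
# SOURCE is an address or address/mask that may send syslog to this host.
syslog_rules() {
    services_file=$1
    shift
    port=$(syslog_port "$services_file")
    if [ -z "$port" ]; then
        echo "syslog/udp not found in $services_file" >&2
        return 1
    fi
    # One ACCEPT rule per permitted sender, appended to the input chain.
    for src in "$@"; do
        echo "ipchains -A input -p udp -s $src -d 0.0.0.0/0 $port -j ACCEPT"
    done
    # Everything else aimed at the syslog port is dropped; -l makes the
    # kernel log each match so rejected senders show up in the logs.
    echo "ipchains -A input -p udp -d 0.0.0.0/0 $port -l -j DENY"
}

# Example (constructed addresses), review the output before piping to sh:
#   syslog_rules /etc/services 192.0.2.10 192.0.2.0/28
```

The ACCEPT rules must come before the DENY rule, since ipchains stops at the first matching rule in the chain.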
