Syslog remote logging

Daryl Tester Daryl.Tester at
Wed Feb 14 12:29:52 CST 2001

Alain Satre wrote:

> What about specifying the line twice?
> i.e.
>        /var/log/maillog
>       @syslog.server

This works.

> I would hope that doesnt allow untrsted hosts to send
> syslog data to your host?

It does, and is a known issue.

> Is there a way to allow certain ip's? or just all or nothing?

Use ipchains (or whatever is appropriate for your kernel revision)
to narrow down the IP range that syslog can accept (if you need
to know the port, look in /etc/services).  Note that if someone
can guess the IP address(es) that you are monitoring, then they can
easily forge packets that will circumvent your filtering rule.
This, too, is a known issue.

  Daryl Tester,  Software Wrangler and Bit Herder, IOCANE Pty. Ltd.

"You shouldn't mix meditation with management.  The mind gets too empty."
  -- Dilbert

LinuxSA WWW:  IRC: #linuxsa on
To unsubscribe from the LinuxSA list:
  mail linuxsa-request at with "unsubscribe" as the subject

More information about the linuxsa mailing list