[lug] logs

D. Stimits stimits at idcomm.com
Mon Jul 30 00:49:27 MDT 2001


Sean Reifschneider wrote:
> 
> On Sun, Jul 29, 2001 at 11:11:16PM -0600, Jeremy wrote:
> >I am running RH 7.1 on my server/firewall, and the same on my workstation.
> >I would like to get the logs from the server onto the workstation as a
> >backup.  Here is my reasoning for this.  If a cracker gets into my system the
> 
> You can set up syslog to log via UDP packets to another host.  You'll first
> have to set up the other host's syslogd to accept remote packets and your
> firewall to allow those in from your server.  Then on your server you list
> the destination as "@host" and messages will be forwarded to that host.  If
> you still want the log entries stored locally, just have two lines for the
> class listing local and remote.
> 
> See the man page for syslogd for the command-line flag to enable network
> reception.
> 
> Sean
> --
>  Well, what does she expect? You leave your navigator lying around,
>  naturally somebody is going to run over him.  -- _Death_Race_2000_
> Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

Don't forget that if you use UDP, and the firewall is breached, you will
lose the second machine if it is not also maintained with very good
package version maintenance. If someone really wants to protect logs by
putting them on another machine, the other machine also has to have a
few good qualities (email is interesting in this respect, one could
email the logs, or the last hundred lines, to an ISP or separate
network for a certain amount of isolation).

D. Stimits, stimits at idcomm.com
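
An added example, not part of either message above: a small Python check over a sysklogd-style syslog.conf that reports which selectors have both a local file line and an "@host" line, as Sean describes, and which would exist only on the server. The hostname `loghost` and the sample rules are constructed for illustration.

```python
"""Audit a syslog.conf: which selectors are kept locally, forwarded, or both."""

# Constructed sample config for the server/firewall; "loghost" is a placeholder name.
SAMPLE_CONF = """\
# local copies
*.info;mail.none;authpriv.none    /var/log/messages
authpriv.*                        /var/log/secure
mail.*                            -/var/log/maillog
# remote copies, sent over UDP to the workstation
*.info;mail.none;authpriv.none    @loghost
authpriv.*                        @loghost
"""

def parse_rules(conf_text):
    """Yield (selector, action) for each rule line, skipping comments and blanks."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            yield parts[0], parts[1].strip()

def classify(action):
    """Return the destination kind of a syslog.conf action field."""
    if action.startswith("@"):
        return "remote"   # forwarded to another host
    if action.startswith("/") or action.startswith("-/"):
        return "local"    # file or device; a leading '-' means no sync per write
    return "other"        # named pipes, user lists, '*'

def audit(conf_text):
    """Map each selector to the set of destination kinds it is written to."""
    seen = {}
    for selector, action in parse_rules(conf_text):
        seen.setdefault(selector, set()).add(classify(action))
    return seen

def local_only(conf_text):
    """Selectors with no '@host' line: these entries never leave the server."""
    return sorted(s for s, kinds in audit(conf_text).items() if "remote" not in kinds)

if __name__ == "__main__":
    for selector, kinds in audit(SAMPLE_CONF).items():
        print(f"{selector:35} {', '.join(sorted(kinds))}")
    print("not forwarded:", local_only(SAMPLE_CONF))
```

Selectors are compared as literal strings, so a local rule and a remote rule count as a pair only when their selector fields are written identically.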


