[lug] logs

John Hernandez John.Hernandez at noaa.gov
Mon Jul 30 10:40:46 MDT 2001


"D. Stimits" wrote:
> Sending logs via email to a machine that is
> completely isolated from the breached machine is a way to do that
> (separate machines with no direct interface).
> 
> D. Stimits, stimits at idcomm.com

The problem with e-mail as an alternative to UDP logging is that by the time your cron job fires up to e-mail the logs, the intruder has already covered his tracks.  A combination of the two techniques, where logs are e-mailed to a remote account by the UDP loghost, may be the best defense.

> 
> >
> > I must have misunderstood what you were saying...
> >
> > Sean
> > --
> >  Let's just say that your monkeys aren't quite typing Shakespeare.
> >    -- Sean Reifschneider, speaking about Quicken support, 2001
> > Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
> > tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

-- 

  - John Hernandez - Network Engineer - 303-497-6392 -
 |  National Oceanic and Atmospheric Administration   |
 |  Mailstop R/OM12. 325 Broadway, Boulder, CO 80305  |
  ----------------------------------------------------
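
The combination described in the message above, as an added example that is not part of the original post or any poster's code: a minimal UDP loghost that records each syslog datagram as it arrives and builds the digest it mails to a remote account. The addresses, the SMTP host and all function names are assumptions for illustration.

```python
import re
import smtplib
import socketserver
from email.message import EmailMessage

# Constructed addresses, assumed for this example only.
MAIL_FROM, MAIL_TO = "loghost@loghost.example", "logs@offsite.example"
PRI_RE = re.compile(rb"<(\d{1,3})>")
FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog",
            "lpr", "news", "uucp", "cron", "authpriv", "ftp"]
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_datagram(data, sender_ip):
    """Turn one BSD-syslog UDP datagram into a record, tagged with the
    packet's source address rather than any hostname the text claims."""
    m = PRI_RE.match(data)
    if m and int(m.group(1)) <= 191:
        pri, text = int(m.group(1)), data[m.end():]
    else:
        pri, text = 13, data  # missing or invalid PRI is treated as user.notice
    fac = FACILITY[pri >> 3] if pri >> 3 < len(FACILITY) else str(pri >> 3)
    return {"sender": sender_ip, "level": f"{fac}.{SEVERITY[pri & 7]}",
            "text": text.decode("utf-8", "replace").strip()}

def build_digest(records):
    """Compose the mail the loghost sends to the remote account."""
    msg = EmailMessage()
    msg["From"], msg["To"] = MAIL_FROM, MAIL_TO
    msg["Subject"] = f"loghost digest: {len(records)} messages"
    msg.set_content("\n".join(
        f"{r['sender']} {r['level']} {r['text']}" for r in records))
    return msg

def mail_digest(records, smtp_host="localhost"):
    """Run on the loghost itself, for example from its own cron job."""
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(build_digest(records))

class SyslogHandler(socketserver.BaseRequestHandler):
    def handle(self):
        data, _sock = self.request  # UDP: (datagram bytes, socket)
        # Stored on arrival, so later edits on the client cannot retract it.
        self.server.records.append(parse_datagram(data, self.client_address[0]))

if __name__ == "__main__":
    # Port 514 needs root; the client side forwards its syslog here over UDP.
    with socketserver.UDPServer(("0.0.0.0", 514), SyslogHandler) as server:
        server.records = []
        server.serve_forever()
```

The cron delay then applies only to the copy leaving the loghost, not to the copy leaving the monitored machine.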


