Jeff King <peff-loganalat_private> writes:

> For the most part, this works. However, you have a circular trust chain.
> You don't trust the mail server to not get broken into, so you push its
> logs off to a central logserver. However, you never look at the central
> logserver; you trust the mail server to correctly display the contents
> of the logserver to you.

Why use the central mail server? If the logserver's MTA contacts the admin workstations directly, you have removed one point of failure/compromise. This MTA still won't have to listen on the network, just be intelligent enough to send mail to the right host. An attacker would have to compromise most of the admin stations as well to keep an alert from reaching anybody.

Maybe the loghost should ring an old fashioned alarm bell if a certain percentage of admin stations are not reachable for some time (to detect DoSsing). Will also freak out the folks when the whole network is down <eg>.

-- 
Robbe
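The unreachability alarm suggested in the message above, as an added example that is not part of the original post: a monitor on the loghost that rings locally once too many admin stations have stayed unreachable for a grace period. The 50% threshold, five-minute grace period, TCP probe of port 25 and the station names are assumptions made for illustration.

```python
import socket
import time


class ReachabilityAlarm:
    """Runs on the loghost; fires when too many admin stations stay unreachable."""

    def __init__(self, stations, max_unreachable_fraction=0.5, grace_seconds=300):
        self.stations = list(stations)
        self.max_fraction = max_unreachable_fraction  # assumed threshold
        self.grace = grace_seconds                    # assumed "some time"
        self.degraded_since = None  # when the threshold was first crossed

    def observe(self, reachable, now):
        """Record one probe round; return True if the local alarm should ring."""
        down = [s for s in self.stations if not reachable.get(s, False)]
        if len(down) / len(self.stations) < self.max_fraction:
            self.degraded_since = None  # enough stations are back: reset timer
            return False
        if self.degraded_since is None:
            self.degraded_since = now
        # Ring only after the outage has persisted, so one lost probe round
        # or a rebooting workstation does not trigger the bell.
        return now - self.degraded_since >= self.grace


def probe(host, port=25, timeout=3.0):
    """TCP connect check against the station's mail port (assumed SMTP on 25)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def run(alarm, interval=60):
    """Probe every station each interval and ring the terminal bell on alarm."""
    while True:
        status = {s: probe(s) for s in alarm.stations}
        if alarm.observe(status, time.monotonic()):
            down = [s for s, ok in status.items() if not ok]
            print("\aALARM: admin stations unreachable:", ", ".join(down))
        time.sleep(interval)


if __name__ == "__main__":
    # Constructed host names; replace with the real admin workstations.
    run(ReachabilityAlarm(["admin1.example.net", "admin2.example.net",
                           "admin3.example.net", "admin4.example.net"]))
```

The alarm output stays on the loghost itself, so it does not depend on the mail path or on any of the stations it is watching.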
This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 11:31:58 PDT