hi all,

yup - obviously it's my mistake :(
i put the line in syslog.conf at central host as *.info /var/log/messages
fixed that, now the particular process goes to that file :)
thanks all :)

as a fact, that is for my snort logging - i'm running 2 snort sensors, then each of the sensors is sending its alert file to the central syslogd besides logging it in mysql. :)

-skop

-----Original Message-----
From: Tina Bird tbird@precision-guesswork.com
Sent: Mon, 26 Nov 2001 18:51:31 -0600 (CST)
To: skopat_private
CC: loganalysisat_private
Subject: Re: [logs] syslogd - parallel logging

Can you send a copy of your entire syslog.conf on the central loghost? Sounds to me like you have a line saying to send everything to /var/log/messages, as well as a line saying to send local3.info (or whatever) to a separate file. syslog will perform all actions that a particular bit of log data matches, not just the first one.

And yes, since the syslog daemon has no access control capability built in, it's possible for anyone who knows the loghost is there to flood your server. You need to look at firewalling the loghost or using one of the more advanced syslog servers -- like the CoreST system listed on the Log Analysis web site -- to provide limitations.

On Mon, 26 Nov 2001, skop ganu wrote:

> Date: Mon, 26 Nov 2001 17:51:21 -0800
> From: skop ganu <skopat_private>
> To: loganalysisat_private
> Subject: [logs] syslogd - parallel logging
>
> hi all,
> thanks for all the replies :)
> sorry for not trying it earlier
>
> anyway still have some problem as this ; on the server when i specify in /etc/syslog.conf ; local3.info @client-one-file , still the messages go parallel to /var/log/messages and /var/log/client-one-file.
>
> anyway is there any 'security precaution' should syslogd be ?
> with my experiment anyone could easily point their machine to my log server (in /etc/syslog.conf ; local3.info @192.168.0.1) so my server would receive it and /var/log/messages would be filled with it.
>
> -skop

"I was being patient, but it took too long." - Anya, "Buffy the Vampire Slayer"

Log Analysis: http://www.counterpane.com/log-analysis.html
VPN: http://kubarb.phsx.ukans.edu/~tbird/vpn.html
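
The matching rule described in the reply above, as an added example that is not part of the original thread: a simplified Python model of syslog.conf selector evaluation, showing that every matching line fires and how a `local3.none` exclusion keeps the sensor traffic out of /var/log/messages. The two configs are constructed from the file names in the thread, and the "after" form is an assumed fix, not the change the poster reports making.

```python
# Simplified model of classic syslog.conf selector matching (added example).
# Handles "facility[,facility].priority", "*" wildcards and "none";
# sysklogd's "=" and "!" priority prefixes are not modelled.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def selector_matches(selector, facility, priority):
    """Evaluate one 'a.b;c.d' selector field left to right; later parts override."""
    matched = False
    for part in selector.split(";"):
        facs, _, prio = part.strip().rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue                      # this part says nothing about our facility
        if prio == "none":
            matched = False               # explicit exclusion overrides earlier parts
        elif prio == "*":
            matched = True
        else:
            # "info" means info and anything more severe
            matched = PRIORITIES.index(priority) >= PRIORITIES.index(prio)
    return matched

def destinations(conf, facility, priority):
    """Return every action whose selector matches; syslogd does not stop at the first."""
    actions = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        if selector_matches(selector, facility, priority):
            actions.append(action.strip())
    return actions

# Constructed configs (file names from the thread); AFTER is one possible fix, assumed here.
BEFORE = """
*.info          /var/log/messages
local3.info     /var/log/client-one-file
"""
AFTER = """
*.info;local3.none   /var/log/messages
local3.info          /var/log/client-one-file
"""

if __name__ == "__main__":
    print(destinations(BEFORE, "local3", "info"))
    print(destinations(AFTER, "local3", "info"))
```
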
This archive was generated by hypermail 2b30 : Tue Nov 27 2001 - 04:44:27 PST