Re: [logs] syslogd - parallel logging

From: todd glassey (todd.glasseyat_private)
Date: Tue Nov 27 2001 - 05:15:05 PST


    ----- Original Message -----
    From: "Gary (hotmail)" <heitmangaat_private>
    To: <skopat_private>
    Cc: <loganalysisat_private>
    Sent: Tuesday, November 27, 2001 2:35 AM
    Subject: Re: [logs] syslogd - parallel logging
    
    
    > Can you post your syslog.conf ? Your messages should only go where you
    > tell them (ah... of course...). I leave some info on both the local and
    > remote, just in case...
    
    This is a very important part of forensics: that you have more than one copy
    of the logging and that it be synched together through its timestamps. That
    way, at the end of an operations period, there is the master and the remote
    copy of the Event Data to be compared to each other.
    
    >
    > I think you could probably filter the udp port /traffic that syslog uses,
    > if you need to make sure only authorized hosts write to your syslog machine.
    > In my world (again), I kind of decided that log server is for everyone -- I
    > have a huge disk and run some monitors on the logs to be kept aware of
    > file sizes, etc.
    >
    > -gary
    > ----- Original Message -----
    > From: "skop ganu" <skopat_private>
    > To: <loganalysisat_private>
    > Sent: Monday, November 26, 2001 7:51 PM
    > Subject: [logs] syslogd - parallel logging
    >
    >
    > hi all,
    > thanks for all the reply :)
    > sorry for not trying it earlier
    >
    > anyway still have some problem as this ; on the server when i specify in
    > /etc/syslog.conf ; local3.info   @client-one-file , still the messages
    > go parallel to /var/log/messages and /var/log/client-one-file.
    >
    > anyway is there any 'security precaution' should syslogd be ?
    > with my experiment anyone could easily point their machine to my log
    > server (in /etc/syslog.conf ; local3.info    @192.168.0.1) so my server would
    > receive it and /var/log/messages would be filled with it.
    >
    >
    >
    > -skop
    > ---------------------------------------------------------------------
    > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    > For additional commands, e-mail: loganalysis-helpat_private
    
    
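As an added example (not code from the thread or from any of its authors): a small Python resolver that applies the classic sysklogd syslog.conf selector rules to one message, to show why skop's `local3.info` line also lands in `/var/log/messages` when a stock `*.info` catch-all line is present, and that adding `local3.none` to that catch-all line is the usual fix. The two configs are constructed for the example; skop's real file is not in the thread, so its contents are an assumption.

```python
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]

def parse_line(line):
    """Split 'selector[;selector...]  action' into ({facility: (priority, exact)}, action).
    A later selector overrides an earlier one for the same facility, which is how
    'mail.none' carves mail out of a preceding '*.info' on the same line."""
    selectors, action = line.split(None, 1)
    table = {}
    for part in selectors.split(";"):
        facs, prio = part.rsplit(".", 1)
        exact = prio.startswith("=")          # '=info' means exactly info, not info-and-up
        prio = "debug" if prio.lstrip("=") == "*" else prio.lstrip("=")
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            table[fac] = (prio, exact)
    return table, action.strip()

def matches(table, facility, priority):
    """True if the selector table routes facility.priority to the line's action."""
    threshold, exact = table.get(facility, ("none", False))
    if threshold == "none":
        return False
    if exact:
        return priority == threshold
    return PRIORITIES.index(priority) >= PRIORITIES.index(threshold)

def destinations(conf, facility, priority):
    """Return every action (file, @host, ...) that a facility.priority message reaches."""
    hits = []
    for raw in conf.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            table, action = parse_line(line)
            if matches(table, facility, priority):
                hits.append(action)
    return hits

# Constructed configs (an assumption about skop's setup; the real file is not in
# the thread). BEFORE resembles a stock Linux syslog.conf whose *.info catch-all
# also captures local3; AFTER adds local3.none to that line.
BEFORE = """
*.info;mail.none;authpriv.none   /var/log/messages
local3.info                      /var/log/client-one-file
"""
AFTER = """
*.info;mail.none;authpriv.none;local3.none   /var/log/messages
local3.info                                  /var/log/client-one-file
"""
```

`destinations(BEFORE, "local3", "info")` yields both files, while the same call on `AFTER` yields only `/var/log/client-one-file`; an `@host` forwarding action is resolved by the same rules, since the action string is not interpreted.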



    This archive was generated by hypermail 2b30 : Tue Nov 27 2001 - 15:27:25 PST