Re: [logs] reinventing syslog [was: Secure Central Log Host]

• Previous message: Florin Andrei: "Re: [logs] reinventing syslog [was: Secure Central Log Host]"
• In reply to: Florin Andrei: "[logs] reinventing syslog [was: Secure Central Log Host]"
• Next in thread: Tom Perrine: "Re: [logs] reinventing syslog [was: Secure Central Log Host]"
• Reply: Tom Perrine: "Re: [logs] reinventing syslog [was: Secure Central Log Host]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Florin Andrei writes:
> The true solution is to modify syslogd.  [...]
> Changing the code to use local timestamps instead of the ones provided
> by the datagrams should be no big deal. Some external configuration flag
> could change the behaviour between the default (use the datagrams'
> timestamps, or use local time).

syslog-ng already supports this, with its "use_time_recvd()" option.
You can also do your remote logging via TCP to reduce the chance
that you are receiving spoofed data.
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Devin Kowatch: "Re: [logs] SDSC Secure Syslog"
• Previous message: Florin Andrei: "Re: [logs] reinventing syslog [was: Secure Central Log Host]"
• In reply to: Florin Andrei: "[logs] reinventing syslog [was: Secure Central Log Host]"
• Next in thread: Tom Perrine: "Re: [logs] reinventing syslog [was: Secure Central Log Host]"
• Reply: Tom Perrine: "Re: [logs] reinventing syslog [was: Secure Central Log Host]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Dec 05 2002 - 12:50:31 PST