Re: [fw-wiz] More Syslog Questions

From: Frank Knobbe (frank_at_knobbe.us)
Date: 07/16/04

  • Next message: Adrian Grigorof: "Re: [fw-wiz] Syslog montioring and usage."
    To: Nathaniel Hall <halln@otc.edu>
    Date: Fri, 16 Jul 2004 00:02:16 -0500
    
    
    

    On Tue, 2004-07-13 at 15:10, Nathaniel Hall wrote:
    > In an effort to make the log server as secure as possible, I would
    > like to find a way to use an append only file system. Unfortunately,
    > if this is done, logs cannot be rotated using logrotate so the server
    > must be taken down to single user mode to rotate the logs, causing the
    > loss of many log entries.

    May I suggest you look at alternative syslog daemons? I personally
    prefer syslog-ng. I have it configured so that it creates unique
    files each day named <year>-<month>-<day>-messages, -firewall, -auth,
    etc. No need to rotate the logs as you have one file per day per log
    type. It is very easy to configure.

    Furthermore you can forward syslog messages between hosts via TCP which
    makes it very easy to tunnel data over SSL or SSH to a central log
    server.

    Check it out at http://www.balabit.com/products/syslog_ng

    Regards,
    Frank

    
    

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
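
Added example, not part of the message above and not taken from the syslog-ng project: a syslog-ng configuration for the setup the message describes, with one file per day per log type (so no rotation step is needed) and TCP forwarding to a local tunnel endpoint. The `/var/log/archive` path, the `FW:` firewall log prefix, the object names, and the tunnel listener on 127.0.0.1:5140 are assumptions; the syntax targets syslog-ng 3.x, which also requires an `@version:` line matching the installed release at the top of the file.

```conf
# Assumed: Linux host, syslog-ng 3.x. Add "@version: <installed release>" above this line.

# Local messages plus syslog-ng's own internal messages.
source s_local { system(); internal(); };

# Log types. The "FW:" prefix is a hypothetical tag set by the packet filter's log rule.
filter f_auth     { facility(auth, authpriv); };
filter f_firewall { facility(kern) and message("FW:"); };
filter f_messages { not filter(f_auth) and not filter(f_firewall); };

# One file per day per log type: <year>-<month>-<day>-<type>.
# The date macros are expanded per message, so a new file starts at
# midnight without any rotation job touching the previous day's file.
destination d_messages {
    file("/var/log/archive/$YEAR-$MONTH-$DAY-messages"
         create_dirs(yes) perm(0640));
};
destination d_firewall {
    file("/var/log/archive/$YEAR-$MONTH-$DAY-firewall"
         create_dirs(yes) perm(0640));
};
destination d_auth {
    file("/var/log/archive/$YEAR-$MONTH-$DAY-auth"
         create_dirs(yes) perm(0600));
};

# Forward over TCP to a local tunnel endpoint (an SSL or SSH tunnel
# listening on loopback, assumed to be set up separately), which carries
# the stream to the central log server.
destination d_central { tcp("127.0.0.1" port(5140)); };

log { source(s_local); filter(f_messages); destination(d_messages); };
log { source(s_local); filter(f_firewall); destination(d_firewall); };
log { source(s_local); filter(f_auth);     destination(d_auth); };

# Everything also goes to the central server, unfiltered.
log { source(s_local); destination(d_central); };
```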


