Syslog over SSH

From: Rafael Vidal Aroca (rafael@3wt.com.br)
Date: 11/29/01


Date: Thu, 29 Nov 2001 09:50:53 -0200 (BRST)
From: Rafael Vidal Aroca <rafael@3wt.com.br>
To: <focus-linux@securityfocus.com>
Subject: Syslog over SSH
Message-ID: <Pine.LNX.4.33.0111290947160.1126-100000@osiris.gds>


        Well, this is an answer and a question.

        What I do for secure logging on remote machines is pipe UDP/514
(syslog) to TCP using netcat, then pass it to another machine over an SSH
tunnel, and send it to localhost.

        Like this:

        On logging server:

        nc -l -p 9999 | nc localhost -u syslog
        ssh -g -R 9999:localhost:9999 root@remoteServer

        On the machine we want to log:

         nc -l -u -p syslog | nc localhost 9999

        I do this and remote logging works, but is it a good way of doing
that?

-- 
[]s Rafael.
3wt - Wireless Web World Technologies
A Division of GDS Corporation
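
Added example, not part of the original post: a netcat pipe copies bytes, so UDP syslog datagrams written into the TCP stream can come out the far side merged or split. This Python version of the same two relays keeps one message per datagram by length-prefixing each one; the function names, the 8192-byte limit, the loopback binds and the sample usage are assumptions of the example.

```python
"""UDP syslog -> TCP (through the SSH tunnel) -> UDP syslog, one message per datagram."""
import socket

def frame(datagram: bytes) -> bytes:
    """Octet-counting frame: b'<length> <message>'."""
    return str(len(datagram)).encode() + b" " + datagram

class Deframer:
    """Rebuilds whole messages from arbitrary TCP read chunks."""
    def __init__(self, max_len: int = 8192):
        self.buf, self.max_len = b"", max_len

    def feed(self, chunk: bytes) -> list:
        self.buf += chunk
        out = []
        while True:
            head, sep, rest = self.buf.partition(b" ")
            if not sep:                      # length prefix not complete yet
                if len(self.buf) > 5:        # no sane prefix is this long
                    raise ValueError("missing frame length")
                return out
            if not head.isdigit() or int(head) > self.max_len:
                raise ValueError("bad frame length")
            n = int(head)
            if len(rest) < n:                # message body not complete yet
                return out
            out.append(rest[:n])
            self.buf = rest[n:]

def udp_to_tcp(udp_port: int, tcp_port: int) -> None:
    """Logged machine: stands in for `nc -l -u -p syslog | nc localhost 9999`."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("127.0.0.1", udp_port))        # loopback only (assumption)
    tcp = socket.create_connection(("127.0.0.1", tcp_port))
    while True:
        data, _ = udp.recvfrom(8192)
        tcp.sendall(frame(data))

def tcp_to_udp(tcp_port: int, udp_port: int) -> None:
    """Logging server: stands in for `nc -l -p 9999 | nc localhost -u syslog`."""
    srv = socket.create_server(("127.0.0.1", tcp_port))
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    conn, _ = srv.accept()
    deframer = Deframer()
    while chunk := conn.recv(4096):
        for msg in deframer.feed(chunk):
            udp.sendto(msg, ("127.0.0.1", udp_port))

if __name__ == "__main__":
    import sys                               # usage: relay.py send | recv
    udp_to_tcp(514, 9999) if sys.argv[1:] == ["send"] else tcp_to_udp(9999, 514)
```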


