Re: secure remote logging

From: Brian C. Lane (brian@nexuscomputing.com)
Date: 11/29/01


To: Waldemar Brodkorb <waldemar@thinknow.de>
Date: 29 Nov 2001 06:59:59 -0800
Message-Id: <1007045999.8118.7.camel@kermit.nexuscomputing.com>

On Mon, 2001-11-26 at 14:04, Waldemar Brodkorb wrote:
> Hi,
>
> What software do you use to do secure remote logging?
> Syslog-ng with remote TCP logging over ssh tunnel?
>
> What is best practice?

The latest (December 2001) Linux Journal has a sidebar on page 34 with
an idea from Lance Spitzner. Basically it consists of setting up a
stealth logging system on the LAN with no IP address and then specifying
a bogus IP in the systems to be logged. The stealth system uses snort or
something similar to capture the logs being sent to the bogus IP
address.

This isn't secure as in 'unreadable logs' but the logging system is a
heck of a lot harder to crack if it doesn't have an IP <G>.

Brian

-- 
brianlane.com  |  nexuscomputing.com  |  libertynews.org  |  guetech.org

GPG Key Fingerprint 799F A3B6 AEF8 E9B4 D720 56D0 21FB 63FE 9712 C2CD
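
Added example, not part of the message above or of the Linux Journal sidebar: one way the capture side of the stealth logger could pick syslog datagrams addressed to the bogus IP out of sniffed Ethernet frames and decode their priority field. The address 192.0.2.50, the function names and the sample frame are constructed assumptions; on a real logger the frames would come from snort or another sniffer on the interface that has no IP address.

```python
import socket
import struct

BOGUS_IP = "192.0.2.50"   # assumed placeholder; no host on the LAN owns this address
SYSLOG_PORT = 514
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def extract_syslog(frame, bogus_ip=BOGUS_IP):
    """Return (src_ip, facility, severity, text) for a syslog datagram sent to
    bogus_ip inside a raw Ethernet frame, or None for any other frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":        # EtherType is not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                              # IP header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:    # protocol 17 = UDP
        return None
    if struct.unpack("!H", frame[20:22])[0] & 0x3FFF:         # fragmented: not handled here
        return None
    if socket.inet_ntoa(frame[30:34]) != bogus_ip:            # only traffic for the bogus IP
        return None
    udp = frame[14 + ihl:]
    if len(udp) < 8:
        return None
    dport, ulen = struct.unpack("!HH", udp[2:6])
    if dport != SYSLOG_PORT or ulen < 8:
        return None
    payload = udp[8:ulen].decode("utf-8", "replace")
    facility, severity, text = None, None, payload
    # BSD syslog payload is "<PRI>text" with PRI = facility * 8 + severity
    if payload.startswith("<") and ">" in payload[1:5]:
        pri, rest = payload[1:].split(">", 1)
        if pri.isdigit() and int(pri) <= 191:
            facility, severity, text = int(pri) // 8, SEVERITIES[int(pri) % 8], rest
    return socket.inet_ntoa(frame[26:30]), facility, severity, text

def build_frame(src_ip, dst_ip, payload, dport=SYSLOG_PORT):
    """Build a constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return b"\x02" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + udp

# Constructed sample: a logged host sending an auth.info message to the bogus IP
SAMPLE = build_frame("192.0.2.10", BOGUS_IP, b"<38>sshd[411]: Failed password for root")
```

A logged host only puts the datagram on the wire if it can resolve a MAC address for the destination, so with nothing answering ARP for the bogus IP the hosts typically need a static ARP entry for it (or the address must route via the default gateway past the sniffer).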