Re: secure remote loggingFrom: Brian C. Lane (firstname.lastname@example.org)
- Previous message: Joel Sing: "Re: user selection for ssh connections"
- In reply to: Waldemar Brodkorb: "secure remote logging"
- Next in thread: Richard Masoner: "Re: secure remote logging"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Subject: Re: secure remote logging From: "Brian C. Lane" <email@example.com> To: Waldemar Brodkorb <firstname.lastname@example.org> Date: 29 Nov 2001 06:59:59 -0800 Message-Id: <email@example.com>
On Mon, 2001-11-26 at 14:04, Waldemar Brodkorb wrote:
> What software do you use to do secure remote logging?
> Syslog-ng with remote TCP logging over ssh tunnel?
> What is best practice?
The latest (December 2001) Linux Journal has a sidebar on page 34 with
an idea from Lance Spitzner. Basically it consists of setting up a
stealth logging system on the LAN with no IP address and then specifying
a bogus IP in the systems to be logged. The stealth system uses snort or
something similar to capture the logs being sent to the bogus IP
This isn't secure as in 'unreadable logs' but the logging system is a
heck of a lot harder to crack if it doesn't have an IP <G>.
-- brianlane.com | nexuscomputing.com | libertynews.org | guetech.org
GPG Key Fingerprint 799F A3B6 AEF8 E9B4 D720 56D0 21FB 63FE 9712 C2CD
- application/pgp-signature attachment: stored