RE: Syslog over Internet

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 08/18/03

  • Next message: Jeff Lane: "Re: Web based solution rather than VPN"
    To: <vineet@linux.com.kw>, <security-basics@securityfocus.com>
    Date: Mon, 18 Aug 2003 10:23:48 -0700
    
    

      Standard syslog uses UDP to deliver log messages to
    the server. That means that if any of them gets lost
    along the way, nobody will know or care.
      So I'm reluctant to try to send standard syslog across
    the Internet to a remote server.

      There are a couple of ways to try to fix this. The
    new syslog-sec standard should help, but you're probably
    dealing with gear that doesn't yet support it.
      Next best might be to log both locally and remotely, and
    FTP the local (remote to you...) logs periodically.

    Dave Gillett

    > -----Original Message-----
    > From: Vineet Mehta [mailto:vineet@linux.com.kw]
    > Sent: August 18, 2003 08:00
    > To: security-basics@securityfocus.com
    > Subject: Syslog over Internet
    >
    >
    > I have hired a server located in a different country. I heard that its
    > better to log all your syslog messages on a different
    > machine. As i dont
    > have access to any other machine on that network except in my own
    > country.
    >
    > My question is how safe and efficient it is to log Syslogd
    > messages from
    > my server in other country to my server in this country?
    >
    > Is it really safe? is it adviced to do so, of not then why?
    >
    > Any help would be appreticated
    >
    > Reegards,
    > --
    > Vineet Mehta
    > Network Security Consultant
    > Kuwait Linux Company
    > Kuwait
    > Ph-2412552/2463633
    > <vineet [at] linux [dot] com [dot] kw>
    > www.linux.com.kw
    >

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Jeff Lane: "Re: Web based solution rather than VPN"

    Relevant Pages

    • Re: Need to implemet Syslog server
      ... >On my network I need to implement a Syslog server ... Pretty much everything but Windows will ... likely talk to syslog if told to, ... A great many other managed network devices support syslogging, ...
      (Security-Basics)
    • RE: Syslog over Internet
      ... Logging can sometimes contain quite sensitive information. ... > Subject: Syslog over Internet ... > I have hired a server located in a different country. ...
      (Security-Basics)
    • [HPADM] SUMMARY: syslog redirection
      ... server is down, entries will be lost. ... Syslog sends over UDP on a "broadcast and forget" concept. ... information that is subject to United States laws and regulations. ... I'm being asked to route syslog messages to a central server. ...
      (HP-UX-Admin)
    • RE: Syslog Server on Debian Etch
      ... Syslog was working fine on the clients, I had it installed to a diff ... Is anyone else monitoring Juniper Netscreen firewalls? ... Syslog Server on Debian Etch ...
      (Debian-User)
    • Re: How to allow port 514?
      ... a packet filter allows traffic into the server itself. ... If you want to run your syslog on the server you would use a packet filter. ... In ISA Policy Elements, right click Protocol Definitions, ... in Publishing, right click Server ...
      (microsoft.public.windows.server.sbs)