Re: Simultaneously write syslog to another server?

From: James (james_readerNOSPAM@lineone.net)
Date: 04/19/02


"David Hart" <news-post@mcdh.co.uk> wrote in message
news:02cm9a.m1o.ln@corn.mcdh.co.uk...
> Remy Sharp <remy.sharp@gallio.com> wrote:
>
> > For security purposes I want to be able to write the events logged
> > using syslog to another machine (so that if a potential hacker does
> > clean his/her steps - there is a copy I can go by).
> >
> > Does anyone know if:
> >
> > a) this is possible
> > b) this is worth doing
> > c) if there is a simple way of doing this -OR-
> > d) there is a (preferably free) program to do this
>
> Start syslogd with the '-r' option on the machine you want to log to.
> On the machine you want to log from edit /etc/syslog.conf and add the
> line "*.* @machine.address.to.log.to"
>
> --
> David Hart
> david@mcdh.co.uk
>

Hint I was given is also to re-compile syslogd so that it takes its
configuration from a different file (something unobvious, e.g.
/home/<user>/mythesis.txt) and set the option to export to a different
server there. Then leave a default syslogd.conf in /etc so the intruder
doesn't realise there's more logs to clear.
Think this tip came from http://project.honeynet.org who've got papers on
setting this sort of thing up; you could try looking there.
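As an added example (not code from this thread), here is a small parser for the classic syslog.conf selector syntax that David's "*.* @host" line uses; it reports which facility/priority pairs actually reach a remote host, so a forwarding rule with exclusions, or a later local-only edit, that leaves gaps in the off-box copy is caught before an intruder finds them. The facility table and the sample configuration are constructed for the example, and loghost.example.net is a placeholder.

```python
import re
# Facility and priority tables of classic BSD/sysklogd syslog; priorities are ordered.
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "news",
              "syslog", "user", "uucp", "ftp"] + [f"local{i}" for i in range(8)]
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Sample syslog.conf, constructed for this example (loghost.example.net is a placeholder).
SAMPLE_CONF = """\
auth,authpriv.*             /var/log/auth.log
*.*;auth,authpriv.none      -/var/log/syslog
mail.*                      -/var/log/mail.log
# off-box copy: the "*.* @host" idea from the thread, but with exclusions
*.info;mail.none;kern.!err  @loghost.example.net
kern.*                      @loghost.example.net
"""

def selector_pairs(selector):
    """Expand 'fac1,fac2.prio' into (facility, priority) pairs; negate=True means the
    selector removes them ('none', '!prio' = prio and above, '!=prio' = exactly prio)."""
    facs, prio = selector.rsplit(".", 1)
    fac_list = FACILITIES if facs == "*" else facs.split(",")
    if prio == "none":
        return {(f, p) for f in fac_list for p in PRIORITIES}, True
    negate = prio.startswith("!")
    prio = prio.lstrip("!")
    prios = (PRIORITIES if prio == "*" else [prio[1:]] if prio.startswith("=")
             else PRIORITIES[PRIORITIES.index(prio):])  # bare prio = it and above
    return {(f, p) for f in fac_list for p in prios}, negate

def remote_coverage(conf_text):
    """Map each remote host to the set of (facility, priority) pairs it receives."""
    coverage = {}
    for raw in conf_text.splitlines():
        parts = re.split(r"\s+", raw.split("#", 1)[0].strip(), maxsplit=1)
        if len(parts) != 2 or not parts[1].startswith("@"):
            continue  # blank/comment line, or a local file, pipe or console action
        matched = set()
        for sel in parts[0].split(";"):  # selectors on one line apply left to right
            pairs, negate = selector_pairs(sel)
            matched = matched - pairs if negate else matched | pairs
        coverage.setdefault(parts[1][1:], set()).update(matched)
    return coverage

def missing_remote(conf_text, min_priority="info"):
    """(facility, priority) pairs at or above min_priority that reach no remote host,
    i.e. messages an intruder could clean locally without an off-box copy existing."""
    forwarded = set().union(*remote_coverage(conf_text).values())
    wanted = {(f, p) for f in FACILITIES for p in PRIORITIES[PRIORITIES.index(min_priority):]}
    return sorted(wanted - forwarded)
```

Run missing_remote() over the real /etc/syslog.conf of the sending host; an empty list means every facility at the chosen priority and above has a copy on the loghost.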
