I wish to enable logging of events onto a syslog server on the LAN segment. Can somebody tell me about the security & operational issues involved?
For example:

- Do I introduce any security vulnerability in selecting logging to a remote syslog server on the LAN segment?
- What security precautions should be taken? Should the syslog server be firewalled individually? For that matter, should the servers on the LAN segment be firewalled individually? Any pointers to further reading on this issue?
- What happens if the network link to the syslog server is interrupted for some time? Any way of implementing dual logging, i.e. on the pfSense machine and the syslog server? Any pointers to existing implementations? Or maybe any backend software that imports pfSense logs into a database for further processing in real time or near real time?

Any other pointers or comments on various issues involved.

With best regards,
Sanjay.
