On 11/10/06, Marcus Bajohr <[EMAIL PROTECTED]> wrote:
Sanjay Arora wrote:
> I wish to enable logging of events onto a syslog server on the LAN
> segment. Can somebody tell me about the security & operational issues
> involved?
>
> e.g.
>
> - Do I introduce any security vulnerability in selecting logging on to a
> remote syslog server? on the LAN segment?
> - What security precautions should be taken? Should the syslog server be
> firewalled individually? For that matter, should the servers on the LAN
> segment be firewalled individually? Any pointers to further reading on
> this issue?
Search the web for "syslog security".
>
> - What happens if the network link to the syslog server is interrupted
> for some time? Any way of implementing dual logging i.e. on pf-sense
> machine and the syslog server? Any pointers to existing implementations?


syslog-ng is a very nice package that has a lot of knobs that can be tweaked. It also has the hooks for PostgreSQL and MySQL backends and a PHP front end for display. A good starting point is here: http://www.campin.net/syslog-ng/faq.html


> Or maybe any backend software that imports pfsense logs on to a database
> for further processing in realtime or near realtime?
>
If the link to the remote syslog server is interrupted, you'll get many
messages like this:
...
Nov 10 02:01:56         last message repeated 10 times
Nov 10 02:01:25         syslogd: sendto: Host is down
...

The internal syslog still continues to work.
AFAIK the syslog in pfSense is a rolling log,
so publishing the logs via a remote syslog server will be the best.
> Any other pointers or comments on various issues involved.
>
> With best regards.
> Sanjay.
>
>
>
greets,
marcus
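The "dual logging" Sanjay asks about, and the link-interruption case Marcus describes, in an added example that is not part of this thread and not pfSense or syslog-ng code: every event is written to a local file first, then forwarded to the remote collector; while the remote is unreachable the lines are held in a bounded spool and replayed on the next successful send, and the `dropped` counter makes the spool overflow visible. The local path, the `send` callable and the spool size are assumptions chosen for the example.

```python
import socket
import time
from collections import deque


def format_bsd(pri, hostname, tag, msg, now=None):
    """Build a BSD syslog (RFC 3164) line, like those pfSense's syslogd emits."""
    ts = time.strftime("%b %d %H:%M:%S", time.localtime(time.time() if now is None else now))
    return f"<{pri}>{ts} {hostname} {tag}: {msg}"


def udp_sender(host, port=514):
    """Return a callable that sends one datagram to a remote syslog collector.
    Caveat: sendto() only raises OSError when the kernel already knows the host
    is unreachable (the 'sendto: Host is down' case above); a datagram silently
    lost on the wire is not detected, which is why TCP is preferred for reliable
    delivery."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    return lambda data: sock.sendto(data, (host, port))


class DualLogger:
    """Write locally first, forward remotely second, spool while the link is down."""

    def __init__(self, local_path, send, max_spool=1000):
        self.local_path = local_path    # assumed local log file (hypothetical path)
        self.send = send                # callable(bytes); raises OSError when remote is down
        self.spool = deque(maxlen=max_spool)
        self.dropped = 0                # lines lost because the spool overflowed

    def log(self, line):
        with open(self.local_path, "a", encoding="utf-8") as f:
            f.write(line + "\n")        # local copy survives any network outage
        if len(self.spool) == self.spool.maxlen:
            self.dropped += 1           # oldest unsent line is about to be evicted
        self.spool.append(line)
        return self.flush()

    def flush(self):
        """Replay spooled lines in order; stop at the first failure. Returns count sent."""
        sent = 0
        while self.spool:
            try:
                self.send(self.spool[0].encode("utf-8"))
            except OSError:
                return sent             # remote still down; keep the spool intact
            self.spool.popleft()
            sent += 1
        return sent
```

Pointing the logger at a real collector is `DualLogger("/var/log/pf-forward.log", udp_sender("192.0.2.10"))`, with the address being a documentation placeholder.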

