On: Thu, 26 Apr 2001 09:10:09 +0530 Shoney Joy wrote:
>Hi list members,
>
>can anyone provide me some input on how to have a remote console monitoring
>multiple IPChains. I am looking at something equaling to that provided by
>FW-1 for managing and monitoring multiple OPSec compliant firewalls..
>
>Thanks in Advance..
>
>Shoney Joy
for m in `cat machines` ; do
xterm -e ssh $m "tail /var/log/messages | grep ip-chain"
done
this is probably more secure than FW-1's method, which I believe
sends the logs in the clear. Also, ssh is a more well vetted piece
of software and is likely to have fewer bugs and security issues.
alternatively, you can use something like syslog-ng to securely
(or plain syslog, to do it with less security) gather all of the
logs in one place and simply watch that file. it's not a gui,
but that nothing a little perl/tk can't fix for you, and likely
a search on freshmeat.net will fine a gui log analyzer.
as for remote administration, none of the ip* linux firewalls have,
as far as i know, remote administration like FW-1's. however, that
again requires open ports and a daemon listening on the other end, and,
again, ssh is probably a decent port to have open if you must open
any port, and while there isn't a nice gui, that's one of the strengths
of the ip* firewalls, in my eyes.
cheers.
--andrew
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
