Re: [Leaf-devel] Secure Logging

Mike Noyes Tue, 20 Feb 2001 12:02:48 -0500 (EST)
<x-flowed>Sergey Kozhedub, 2001-02-20 19:51 +0300
>On Tue, Feb 20, 2001 at 08:42:03AM -0800, Mike Noyes wrote:
>
>Who will install perl on router/firewall? I will not.

Sergey,
The only thing installed on the router/firewall is sshd. This is a pull 
solution not a push.

Secure Logging Over a Network
http://interactive.linuxjournal.com/Magazines/LJ74/3913.html

>The same functions may be implemented in shell.
>In my environment I used encrypted tunnels and ftp to store logs.
>Now I'm using remote logging facility of syslog(ng). It is more flexible
>and doesn't require disk/ramdisk space to store logs localy.
>You can also select facilities to log or log all messages (requires more
>bandwidth).

Do you have an example for us?

> > Everyone,
> > I noticed the logging thread on linux-router, and I remembered this
> > article in Linux Journal. Is this an acceptable solution?
> >
> >
> > Linux Journal June 2000 Issue 74 p.204
> > ********************** Perl Script for Pull Logging **********************
> > #!/usr/bin/perl
> > $host="monitored.one";                  # host to log to
> >                                          # (machine to monitor)
> > $file="var/log/imp-logs";               # logging file on
> >                                          # remote machine
> > $login="wallace";                       # login name on remote machine
> > $ssh_opts="-q -C -o 'FallBackToRsh=no'";
> >                                          # options to  ssh
> > #$ssh_opts="-q +C";                     # better for ssh2
> > $cmd="tail --follow=name --retry";      # the tail command executed
> > #$cmd="tail --follow";                  # this could be
> >                                          # used with old tails
> > $local_log="pulllog-log";               # local log for
> >                                          # failures
> > sub open_remote {                       # open the connection
> >    open(SSH,"|ssh $ssh_opts -l $login $host
> >      ".'"'."$cmd $file".'"');"
> >    select(SSH);
> >    $|=1;                                 # make it unbuffered
> > }
> > if ($local_log) {                       # if local logging enabled
> >    open(LOG,">>$local_log");             # open log file
> >    select(LOG);
> >    $|+1;
> > }
> > select STDOUT;
> > $SIG{'PIPE'}='IGNORE';
> > open_remote();                          # try to establish the connection
> > while (1) {
> >    while (<SSH>) {
> >        print STDOUT;                     # print on our side
> >    }
> >    print LOG "remote end was dead at " .
> >      `date` if ($local_log);
> >    close(SSH);                           # if error occured
> >    open_remote();                        # try to open connection again
> > }
> >
> > --
> > Mike Noyes <[EMAIL PROTECTED]>
> > http://leaf.sourceforge.net/
> >
> >
> > _______________________________________________
> > Leaf-devel mailing list
> > [EMAIL PROTECTED]
> > http://lists.sourceforge.net/lists/listinfo/leaf-devel
>
>--
>Best regards,
>Sergey Kozhedub
>
>_______________________________________________
>Leaf-devel mailing list
>[EMAIL PROTECTED]
>http://lists.sourceforge.net/lists/listinfo/leaf-devel

--
Mike Noyes <[EMAIL PROTECTED]>
http://leaf.sourceforge.net/


_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
</x-flowed>
Re: [Leaf-devel] Secure Logging

Reply via email to
