On Tue, Feb 20, 2001 at 09:38:02AM -0800, Mike Noyes wrote:
> >But... ;)
> >Using syslog's remote logging requires no disk space.
>
> Does syslog encrypt the connection between the router/firewall and log server?
No, it doesn't. But I'm not using it in public networks. In some
places I have encrypted tunnel.
> Security Issues in Network Event Logging (syslog)
> http://www.ietf.org/html.charters/syslog-charter.html
>
> >This is very important for me. I'm using read-only 8 mb flash disks for
> >root fs and a small (100-500kb) ramdisk for temporary/pid files.
>
> Could you use cron to flush the log files before this becomes a problem?
I tryed to use cron. But sometimes (massive attack etc) log files may
grow before cron job start and it will become a problem.
And why I will flush log? Maybe you don't need logging at all?
I have all logs from all routers/server for 1 year in my log archives.
And I don't think this is paranoia, once it was usefull ;)
Solution:
If you need logging on router/firewall just for some debug information
needed in configuration/interactive operation stage you
can configure syslog to log on one of the tty (for example tty9). You can
always see current (last 15-20 lines) of log by 'cat /dev/vcs9' when in
ssh.
--
Best regards,
Sergey Kozhedub
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
