On Thu, 26 Sep 2002 05:32, you wrote:
> I know you can redirect a log to a log host: can you dual-log to both
> the log host and the local machine at the same time?  If not, what
> happens if you are using a log host and the host goes down ... does
> syslog revert back to the local machine /var/log/messages?

The logging goes to both places. If the remote host goes down, the traffic to
that is lost silently (it's using UDP), but resumes when it comes back up.
Logging to other destinations is unaffected.

Note that the remote host has to be configured to receive the syslog messages;
on RHL it's turned off by default.

AFAIK you can log to any number of destinations.

I can imagine on your environments it might be worth devoting one or even two
hosts to logging - if you're ever hacked, these logs (if your system is
configured properly) are out of reach of the intruder.

A trick that is sometimes used is to have a vanilla syslogd in the usual
place, and specify the real one on the command line.

You would also want to attend to your firewall rules to control just who can
log to these systems.


--
Cheers
John Summerfield


Microsoft's most solid OS: http://www.geocities.com/rcwoolley/
Join the "Linux Support by Small Businesses" list at
http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
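
An added example, not part of the original message: the dual-logging setup described in the reply, written out for sysklogd on Red Hat Linux, with the receiving side enabled and its UDP port restricted to known senders. The host names `loghost` and `loghost2`, the 192.0.2.0/24 client range and the use of the iptables INPUT chain are assumptions made for illustration.

```conf
# --- Client: /etc/syslog.conf (sysklogd) ---
# Every selector line is evaluated independently, so one message can match
# several lines and is written to each destination that matches.
*.info;mail.none;authpriv.none          /var/log/messages
authpriv.*                              /var/log/secure

# Forward a copy of everything to the log host (UDP port 514).
# "loghost" is a placeholder name; it must resolve, e.g. via /etc/hosts.
*.*                                     @loghost

# A second remote destination is just another line (placeholder name).
*.*                                     @loghost2

# --- Log host: /etc/sysconfig/syslog ---
# -r makes syslogd accept messages from the network (off by default).
SYSLOGD_OPTIONS="-m 0 -r"

# --- Log host: /etc/sysconfig/iptables (iptables-save format) ---
# Accept syslog traffic only from the known client range, drop the rest.
# 192.0.2.0/24 is a documentation range used here as a stand-in.
-A INPUT -p udp -s 192.0.2.0/24 --dport 514 -j ACCEPT
-A INPUT -p udp --dport 514 -j DROP
```

Because forwarding over UDP is unacknowledged, confirm delivery on the log host itself, for instance by sending a test message from a client with `logger` and checking that it appears in the log host's files.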
