Thanks, John. Good tips and advice! Thank you, Paul
>The logging goes to both places. If the remote host goes down, the traffic to >that is lost silently (it's using UDP), but resumes when it comes back up. >Logging to other destinations is unaffected. >Note that the remote host has to be configured to receive the syslog messages, >on RHL it's turned off by default. >AFAIK you can log to any number of destinations. >I can imagine on your environments it might be worth devoting one or even two >hosts to logging - if you're ever hacked, these logs (if your system is >configured properly) are out of reach of the intruder. >A trick that is sometimes used is to have a vanilla syslogd in the usual >place, and specfiy the real one on the commandline. >You would also want to attend to your firewall rules to control just who can >log to these systems. >Cheers >John Summerfield
