Thanks, John.  Good tips and advice!

Thank you,
Paul

>The logging goes to both places. If the remote host goes down, the
traffic to
>that is lost silently (it's using UDP), but resumes when it comes back
up.
>Logging to other destinations is unaffected.

>Note that the remote host has to be configured to receive the syslog
messages,
>on RHL it's turned off by default.

>AFAIK you can log to any number of destinations.

>I can imagine on your environments it might be worth devoting one or
even two
>hosts to logging - if you're ever hacked, these logs (if your system is

>configured properly) are out of reach of the intruder.

>A trick that is sometimes used is to have a vanilla syslogd in the
usual
>place, and specfiy the real one on the commandline.

>You would also want to attend to your firewall rules to control just
who can
>log to these systems.


>Cheers
>John Summerfield

Reply via email to