I personally like to send my logs to the standard local log file and
I also forward them to a remote syslog machine.

I use this as a backup in case of the syslog machine being down.  Of
course I have to destroy local logs after some time, but I like the
safety net it gives me.

As you say, a hacker will easily destroy local evidence, but will
have to hack another box to destroy the whole trace.  Not impossible,
but not very easy...  And there is still a trace with the alerts you
send by mail...



On 3-Aug-2006, at 22:37, John Summerfied wrote:

Thomas Kern wrote:
This sounds like a good idea for another linux appliance. A centralized
logging and log-analysis server could be a nice drop-in appliance for a
fledgling penguin network. One spot to accumulate logs, rotate logs,
analyze logs and archive logs. Sounds much better than having to
configure each server for its own log storage, rotation, analysis and
archival.

It's also harder for a cracker to fiddle with your logs:-)




--

Cheers
John

-- spambait
[EMAIL PROTECTED]  [EMAIL PROTECTED]
Tourist pics http://
portgeographe.environmentaldisasters.cds.merseine.nu/

do not reply off-list

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO
LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
