Dominic Coulombe wrote:
I personally like to send my logs to the standard local log file and
I also forward them to a remote syslog machine.
I use this as a backup in case of the syslog machine being down. Of
course I have to destroy local logs after some time, but I like the
safety net it gives me.
As you say, a hacker will easily destroy local evidence, but will
have to hack another box to destroy the whole trace. Not impossible,
but not very easy... And there is still a trace with the alerts you
Please, Linus describes himself as a hacker. _I_ said "cracker."
What I was replying for tho, is to say that you _can_ make your log server
bullet-proof.
It doesn't have to accept any traffic other than incoming log packets
(and you could export the logs themselves using nfs, read-only).
Crack that without physical presence!
--
Cheers
John