A better option is a passive logging server where it doesn't have an IP but a promiscuous network interface that will snarf all of the packets going to a bogus syslog server. That way the intruder wouldn't even know the machine existed.
And if you're really paranoid you could always have the log data encrypted. I tried the whole setup a few years ago and it was actually pretty easy to do.

ks

On 8/3/06, John Summerfied <[EMAIL PROTECTED]> wrote:
> It doesn't have to accept any traffic other than incoming log packets (and you could export the logs themselves using NFS, read-only). Crack that without physical presence!
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
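
A sketch of the passive collector described in the message above, added here as an example and not code from the original post: it picks syslog datagrams addressed to the bogus server out of raw Ethernet frames and decodes the priority field. The decoy address 192.0.2.10, the function names and the sample frame builder are assumptions constructed for illustration.

```python
import re
import socket
import struct

SYSLOG_PORT = 514
DECOY_IP = "192.0.2.10"  # assumption: the bogus syslog address hosts log to
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"<(\d{1,3})>", re.ASCII)

def parse_syslog_frame(frame, decoy_ip=DECOY_IP):
    """Return a record for a UDP syslog datagram sent to the decoy, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # IPv4 over Ethernet only
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8 or ip[9] != 17:
        return None
    if struct.unpack("!H", ip[6:8])[0] & 0x3FFF:  # skip IP fragments (payload incomplete)
        return None
    sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
    dst = socket.inet_ntoa(ip[16:20])
    if dst != decoy_ip or dport != SYSLOG_PORT or ulen < 8:
        return None
    text = ip[ihl + 8:ihl + ulen].decode("utf-8", "replace")
    m = PRI_RE.match(text)  # <PRI> = facility * 8 + severity
    pri = int(m.group(1)) if m else None
    return {
        "src": socket.inet_ntoa(ip[12:16]),
        "facility": pri >> 3 if m else None,
        "severity": SEVERITIES[pri & 7] if m else None,
        "msg": text[m.end():] if m else text,
    }

def build_frame(src, dst, dport, msg):
    """Constructed sample input: Ethernet + IPv4 + UDP frame, checksums left zero."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(msg), 0) + msg
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 12 + b"\x08\x00" + ip + udp

def capture(iface):
    """Linux, root: read all frames from an IP-less interface already in promiscuous mode."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0003))
    s.bind((iface, 0))
    while True:
        rec = parse_syslog_frame(s.recv(65535))
        if rec:
            print(rec)
```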
