>> The most important thing on your syslog server is your log files. It's up to
>> you how you protect your log files even if
>> your syslog server is being compromised.
>
> Nope. If your log server is compromised (rooted), it's game over for you. No amount
> of "log files protection" will help you. The best approach, AFAIK, is to
> _prevent_ your loghost from being compromised. Easier said than done, I know.
>
Agreed. If he wipes out your log files, then that's that, unless by some
chance logrotate emailed a copy of a "very" recent copy of the logs to
various people.
However, it may be possible to keep logs in separate places, aside from the
usual /var/log directory. That way, a person who relies on it being there
will start looking.
--------------------------------------
Gino LV. Ledesma
Ateneo Cervini-Eliazo Networks (ACENT)
email : [EMAIL PROTECTED]
web : http://cersa.admu.edu.ph/
phone : (63)(2) 426-6001 ext. 5925/5904
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph