"Gino LV. Ledesma" <[EMAIL PROTECTED]> wrote:

>>> The most important thing on your syslog server is your log files. It's up to
>>> you how you protect your log files even if
>>> your syslog server is being compromised.
>>
>> Nope. If your log server is compromised (rooted), it's game over for you. No
>> amount of "log files protection" will help you. The best approach, AFAIK,
>> is to _prevent_ your loghost from being compromised. Easier said than done,
>> I know.
>>
>
>Agreed. If he wipes out your log files, then that's that, unless by some
>chance logrotate emailed a copy of a "very" recent copy of the logs to
>various people.
>
>However, it may be possible to keep logs in separate places, aside from the
>usual /var/log directory. That way, a person who relies on it being there
>will start looking.

It _is_ possible. The original topic of this thread was actually remote
logging or logging to a totally separate host. Another option, for the
extremely paranoid, is to output each log line to a printer as it comes.

Regards,
abramos

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
