On Mon, Jun 07, 2010 at 03:08:12PM +0200, Dirk H. Schulz wrote:
> Hi folks,
>
> I have stumbled over a difficult question.
>
> In a developed security environment where you run several network zones
> with the most important data/servers in the inner zones and "outside
> contact servers" like web proxies in the outer zone - in such an
> environment a central syslog server should be positioned somewhere in
> the inner zones, but the servers in the outer zones must not be allowed
> to push messages into the inner zones - these messages have to be
> fetched by the central servers from the outside zones' servers.
>
> As far as I understand it, the syslogds implement a push model for
> remote logging, and I never heard of a syslogd pull model, but there
> clearly is the need for one.
>
> Has anyone out there already thought about this and what did you do? Any
> ideas from those who didn't?
>
> Thanks for any hint or help.
>
> Dirk

Hi Dirk,

One approach would be to use ssh/scp to grab the log files from the
outside systems. Then you could use the omfile module to inject them
into the system. Obviously, you would need to provide a lot of data
sanity checking before actually loading the data if the inside zone
is really so locked down that even a logging connection to the syslog
server is not acceptable. It sounds like you may want to put your
log server outside and not inside.

Regards,
Ken
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
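
The reply above calls for sanity checking fetched files before loading them. The following is an added example, not part of the original thread and not rsyslog code, of one such check run on the inner-zone side after the pull. It assumes the file has already been copied in, that records use the traditional "Mon DD HH:MM:SS host ..." file format, and that the source host is named `proxy1`; the function names, length cap and sample data are hypothetical.

```python
import re
from datetime import datetime

MAX_LINE = 2048  # assumed cap on one record
# Traditional file format: "Jun  7 15:08:12 host tag: message"
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
                     r"(?P<host>[A-Za-z0-9._-]{1,255}) (?P<msg>.+)$")

# Constructed sample of a file pulled from the hypothetical host "proxy1".
SAMPLE = (
    b"Jun  7 15:08:12 proxy1 squid[812]: TCP_MISS/200 GET http://example.com/\n"
    b"Jun  7 15:08:13 dbserver sshd[1]: session opened for user admin\n"
    b"Jun  7 15:08:14 proxy1 app: ok\x1b[2Jcleared\n"
    b"Feb 30 15:08:15 proxy1 app: hello\n"
    b"random garbage\n"
)

def check_line(raw: bytes, expected_host: str):
    """Return (ok, reason) for one record fetched from expected_host."""
    if len(raw) > MAX_LINE:
        return False, "too long"
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return False, "not utf-8"
    # Strict: raw control bytes (CR, ESC, NUL, tab) are refused, since they
    # can forge records or corrupt the terminal of whoever reads the log.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in text):
        return False, "control character"
    m = LINE_RE.match(text)
    if not m:
        return False, "not syslog format"
    try:  # year 2000 is only a placeholder so that Feb 29 parses
        datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
    except ValueError:
        return False, "bad timestamp"
    # A file pulled from one host must not claim to speak for another.
    if m["host"] != expected_host:
        return False, "hostname mismatch"
    return True, "ok"

def filter_fetched(data: bytes, expected_host: str):
    """Split fetched content into accepted records and (line_no, reason) rejects."""
    accepted, rejected = [], []
    for n, raw in enumerate(data.split(b"\n"), 1):
        if raw:
            ok, reason = check_line(raw, expected_host)
            (accepted if ok else rejected).append(raw if ok else (n, reason))
    return accepted, rejected
```

Only the accepted records would be written to the file the central syslog daemon reads; the rejects list is worth logging locally, since a hostname mismatch or control character in a pulled file is itself a signal about the outer-zone host.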

