On Thu, 15 Aug 2013, Mike Siedelberg wrote:

Hi, not able to find a good original syslog list to ask this.  If anyone can 
advise me on a more appropriate list to go to, please do so.

I've been in this business for a long time, but I have to ask for some input.  
One of our application programmers came up with a remote syslog config from 
some site that is supposed to be security compliant.

I am trying to tell them this is the wrong way to implement.  For one thing in 
AIX there is no authpriv facility, and several remote lines all go to the same 
remote collector.

Please reply on how this can be done correctly, thanks,

auth.info       @arcsl1
local7.info     @arcsl1
local6.info     @arcsl1
auth.*          @arcsl1
authpriv.*      @arcsl1
local7.*        @arcsl1

"Security compliant" doesn't mean much; anything could be compliant, depending on what your security policies are.

As for authpriv, there are different names on different systems. I would suggest doing man syslog.conf on your AIX box to see what the different facilities are.

If you are sending everything to the same destination, I would default to doing

*.* @arcsl1

and just send everything, that way you know you have the logs you care about :-)

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
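
An added example (not part of either poster's message): a small Python check for the two problems raised in this thread, selector lines that overlap on the same remote collector and therefore deliver a message more than once, and a facility name the host does not define. It assumes classic syslog.conf semantics (`facility.priority` matches that priority and above, each matching line fires independently), handles only plain `facility.priority` selectors, and uses an assumed facility list that must be checked against `man syslog.conf` on the real system.

```python
# Severity order for classic selectors: "fac.pri" matches pri and more severe.
SEVERITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Assumed facility list for the target host (no authpriv, per the poster's
# description of AIX); confirm against `man syslog.conf` on the real system.
ASSUMED_FACILITIES = {"kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
                      "news", "uucp"} | {f"local{n}" for n in range(8)}

# The configuration quoted in the thread.
SAMPLE = """\
auth.info       @arcsl1
local7.info     @arcsl1
local6.info     @arcsl1
auth.*          @arcsl1
authpriv.*      @arcsl1
local7.*        @arcsl1
"""

def parse(conf):
    """Return (selector, facility, min_severity_index, destination) per line."""
    rules = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        selector, dest = line.split(None, 1)
        fac, pri = selector.rsplit(".", 1)
        # ValueError here means a selector form this sketch does not handle.
        level = 0 if pri == "*" else SEVERITIES.index(pri)
        rules.append((selector, fac, level, dest.strip()))
    return rules

def lint(conf, known_facilities):
    """Flag unknown facilities and lines already covered by another line."""
    rules, findings = parse(conf), []
    for i, (sel, fac, level, dest) in enumerate(rules):
        if fac != "*" and fac not in known_facilities:
            findings.append(("unknown-facility", sel, dest))
        for j, (osel, ofac, olevel, odest) in enumerate(rules):
            covers = odest == dest and ofac in (fac, "*") and olevel <= level
            # Identical lines: report only the later one.
            if covers and ((ofac, olevel) != (fac, level) or j < i):
                findings.append(("duplicate-delivery", sel, osel))
                break
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE, ASSUMED_FACILITIES):
        print(*finding)
```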
