Re: [despammed] Re: Secure remote syslogging?

2003-05-02 Thread Rob Sims
On Thursday 01 May 2003 09:24 am, Adam Lydick wrote: Alternatives: (the traditional line printer was already mentioned), any sort of write-only media will do the trick (eg: CD-RW). You might have to flush batches of log entries to the CD for it to work. I'm not sure what min packet size on UDF

Re: Secure remote syslogging?

2003-04-29 Thread Sam Couter
Stefan Neufeind [EMAIL PROTECTED] wrote: what is the best way to remotely syslog? In Use a dedicated machine. Cut the 'transmit' pair in the CAT5 cable. syslog is UDP, which is only one-way, so it doesn't need to transmit. Obviously you'll have no remote access to the syslog server, but neither

Re: [despammed] Re: Secure remote syslogging?

2003-04-29 Thread Ed McMan
Tuesday, April 29, 2003, 8:54:51 AM, Sam Couter (Sam) wrote: Sam Stefan Neufeind [EMAIL PROTECTED] wrote: what is the best way to remotely syslog? In Sam Use a dedicated machine. Cut the 'transmit' pair in the CAT5 cable. Sam syslog is UDP, which is only one-way, so it doesn't need to transmit.

Re: Secure remote syslogging?

2003-04-29 Thread Sven . Riedel
On Tue, Apr 29, 2003 at 10:54:51PM +1000, Sam Couter wrote: Stefan Neufeind [EMAIL PROTECTED] wrote: what is the best way to remotely syslog? In Use a dedicated machine. Cut the 'transmit' pair in the CAT5 cable. syslog is UDP, which is only one-way, so it doesn't need to transmit.

Re: Secure remote syslogging?

2003-04-27 Thread Adam ENDRODI
On Thu, Apr 24, 2003 at 08:52:10PM +0200, Jose Luis Domingo Lopez wrote: The implementation consisted in syslog-ng logging to a pipe (using a template for SQL output), which is depleted from an ever running PERL script that executes the SQL sentences in the remote server through a secure SSH

Re: Secure remote syslogging?

2003-04-25 Thread Lars Ellenberg
On Thu, Apr 24, 2003 at 08:52:10PM +0200, Jose Luis Domingo Lopez wrote: 8 syslog-ng -- named pipe -- perl script -- ssh tunnel -- SQL DB destination d_logpipe { pipe(/tmp/pipe owner(someone) template(\( '$HOST', '$ISODATE', '$FACILITY', +'$PRIORITY', '$MESSAGE' \)\n) ); }; you need

Re: Secure remote syslogging?

2003-04-24 Thread Horst Pflugstaedt
On Wed, Apr 23, 2003 at 07:43:36PM +0200, Stefan Neufeind wrote: Hi, what is the best way to remotely syslog? In RE: HELP, my Debian Server was hacked! by James Duncan he wrote to use syslog to log locally AND remotely. This is a good idea. But I wonder how to make it safe. Let's say I

Re: Secure remote syslogging?

2003-04-24 Thread James Duncan
On Wed, 23 Apr 2003, Stefan Neufeind wrote: what is the best way to remotely syslog? In RE: HELP, my Debian Server was hacked! by James Duncan he wrote to use syslog to log locally AND remotely. This is a good idea. But I wonder how to make it safe. Let's say I have two servers. Each could

Re: Secure remote syslogging?

2003-04-24 Thread Dale Amon
On Wed, Apr 23, 2003 at 11:20:45PM +0200, Horst Pflugstaedt wrote: I don't know much about security issues for this one, but you might want to take a look at syslog-ng... syslog-ng does remote logging on a specific tcp port, and there is supposed to be encryption added at some point. Not there

Re: Secure remote syslogging?

2003-04-24 Thread Jose Luis Domingo Lopez
On Wednesday, 23 April 2003, at 16:37:01 -0700, Jamie Penner wrote: or, if using syslog-ng, do this for each logfile type in your config file: destination syslog { file(/var/log/serverlogs/$HOST/syslog owner(root) group(adm) perm(0640)); }; On the syslog-ng side I would suggest

Secure remote syslogging?

2003-04-23 Thread Stefan Neufeind
Hi, what is the best way to remotely syslog? In RE: HELP, my Debian Server was hacked! by James Duncan he wrote to use syslog to log locally AND remotely. This is a good idea. But I wonder how to make it safe. Let's say I have two servers. Each could keep a second, separate log as backup-log

Re: Secure remote syslogging?

2003-04-23 Thread Kenneth R. van Wyk
On Wednesday 23 April 2003 13:43, Stefan Neufeind wrote: what is the best way to remotely syslog? If the business situation warrants the expense, then I advise my clients to run an admin network on critical servers, with one hardened syslog server to receive event logs from the servers. Keep

Re: Secure remote syslogging?

2003-04-23 Thread Stefan Neufeind
But what if you can't deploy a separate network just for syslog? Encrypt it somehow? Or just use ip-based-security? I guess that's the worse idea if you might be on a switch with several other machines, right? And do I really need a real syslog on the other machine? Or is there any daemon so

Re: Secure remote syslogging?

2003-04-23 Thread Kenneth R. van Wyk
On Wednesday 23 April 2003 17:48, Stefan Neufeind wrote: But what if you can't deploy a separate network just for syslog? Encrypt it somehow? There's at least a couple options: 1) Encrypt the syslog stream. 2) Keep the syslog stream plaintext, but really harden the syslog server as much as

Re: Secure remote syslogging?

2003-04-23 Thread Litzler Mihaly
Hi! On Wednesday 23 April 2003 22:37, Kenneth R. van Wyk wrote: If the business situation warrants the expense, then I advise my clients to run an admin network on critical servers, with one hardened syslog server What do you mean on admin network? Simply add plus network interfaces to each

Re: Secure remote syslogging?

2003-04-23 Thread Jamie Penner
or, if using syslog-ng, do this for each logfile type in your config file: destination syslog { file(/var/log/serverlogs/$HOST/syslog owner(root) group(adm) perm(0640)); }; that way, each server will have unique files in their own directories. I'm assuming you mean maintaining a

Re: Secure remote syslogging?

2003-04-23 Thread Kenneth R. van Wyk
On Wednesday 23 April 2003 19:12, Litzler Mihaly wrote: What do you mean on admin network? Simply add plus network interfaces to each server and separate all the traffic at lower layers? Yes, a separate, isolated, network segment that is _only_ used for administrative/management data. A

Re: Secure remote syslogging?

2003-04-23 Thread Litzler Mihaly
Hi! On Thursday 24 April 2003 02:04, Kenneth R. van Wyk wrote: Yes, a separate, isolated, network segment that is _only_ used for administrative/management data. A separate NIC and hub for each cluster of How do you think switching a separate VLAN for this would be also secure enough? Is it

Re: Secure remote syslogging?

2003-04-23 Thread Henrique de Moraes Holschuh
On Thu, 24 Apr 2003, Litzler Mihaly wrote: How do you think switching a separate VLAN for this would be also secure enough? Is it a must to use a dedicated device? Depends on your switch. A dedicated device is a MUCH better idea. -- One disk to rule them all, One disk to find them. One

Re: Secure remote syslogging?

2003-04-23 Thread Jamie Heilman
Litzler Mihaly wrote: How do you think switching a separate VLAN for this would be also secure enough? Is it a must to use a dedicated device? Switching is done for speed, not security.

Re: Secure remote syslogging?

2003-04-23 Thread Litzler Mihaly
Hello! On Thursday 24 April 2003 03:09, Henrique de Moraes Holschuh wrote: Depends on your switch. A dedicated device is a MUCH better idea. Okay. I understand, really thanks for the advice. However I'm also interested in that how secure is to create VLANs with for example a Cisco29xx and

Re: Secure remote syslogging?

2003-04-23 Thread Noah Meyerhans
On Wed, Apr 23, 2003 at 10:09:27PM -0300, Henrique de Moraes Holschuh wrote: How do you think switching a separate VLAN for this would be also secure enough? Is it a must to use a dedicated device? Depends on your switch. A dedicated device is a MUCH better idea. Yes, there are a number

Re: Secure remote syslogging?

2003-04-23 Thread Kenneth R. van Wyk
On Wednesday 23 April 2003 21:26, Jamie Heilman wrote: Litzler Mihaly wrote: How do you think switching a separate VLAN for this would be also secure enough? Is it a must to use a dedicated device? Switching is done for speed, not security. Agreed. For a dedicated logging server, though,