[EMAIL PROTECTED] wrote:
> Good suggestion. This may not be a problem. Might be a separate
> syslog.conf option list to shunt certain messages off to a certain log or
> agent? .*denied.* LOGHOST(security.domain.com,tcp,125)
> in.tcplogd in /etc/inetd.conf : the connection can stay alive for
> a user specified time limit (keepalive). Both sides can tear down the
> connection after X idle time to prevent overload from daemon
> startup/shutdown.
hmm. would be nice if both sides could *start* the connection, too
(configurable).
if you want to transfer the logs from an agent which is located on a
system "outside" of a firewall, it would be nice to have the "inside"
system (the logserver) initiate the connection. we firewall guys get
nervous when some tool requires inbound tcp on the firewall...
just my 2 cents,
-daniel
