On Thu, 2003-06-19 at 22:00, bp wrote:
I've been at google and the man pages some but still don't quite see what I'm looking for.
I have a WAP that can send its logs to a remote loghost. I'd like to set up my Linux box to accept these log messages and store them in /var/log/apmessages. I think I can config syslog.conf to do all this, just haven't found the how yet.
Anyone have a good primer or such a config or a good HOW-TO page?
-bp
The syslogd daemon can be started with the "-r" option, which tells the daemon to listen for incoming syslog messages. The port it listens on is 514 and the protocol it accepts is UDP.
http://www.linuxsecurity.com/feature_stories/feature_story-138.html
Explanation of Remote Syslog
http://www.cse.msu.edu/~westrant/symlink/pages/HoneynetDocs/remote-syslog.htm
Complete Reference Guide to Creating a Remote Log Server
http://www.linuxsecurity.com/feature_stories/feature_story-64.html
Thanks Jon!
It's accepting logs now! I see my AP dropping in three entries:
Jun 20 09:10:29 Itchy sshd(pam_unix)[12392]: session opened for user root by (uid=0)
Jun 20 09:12:18 192.168.0.254 Wireless PC Connected Mac: 00-06-25-28-65-d6
Jun 20 09:12:21 host254-null.null.bellsouth.net System Start
Jun 20 09:12:22 192.168.0.254 Wireless PC Connected Mac: 00-06-25-28-65-d6
I've read the three links you sent but didn't see a way I could set up syslog.conf to filter all these AP requests to a file of my choice, say /var/log/apmessages? Any help there?
Also, I see my AP has the option to enable|disable SSID broadcasts? How much less secure is it to enable SSID broadcast (fyi: factory default to enable?)
Thanks. -bp
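
One way to do the split asked about above, as an added example that is not part of the thread: a Python post-processor that routes received lines by their host field. The two AP host names come from the log excerpt in the message (assumed to be the same device); `/var/log/messages` as the default file and the last sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Classic syslog file line: "Mon DD HH:MM:SS host message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")

# Assumption: the host fields under which the AP appears in the excerpt above.
AP_HOSTS = {"192.168.0.254", "host254-null.null.bellsouth.net"}
AP_LOG = "/var/log/apmessages"      # file named in the question
DEFAULT_LOG = "/var/log/messages"   # assumption: where everything else stays

def parse(line):
    """Return (timestamp, host, message), or None for a malformed line."""
    m = LINE_RE.match(line.rstrip("\n"))
    return (m["ts"], m["host"], m["msg"]) if m else None

def destination(line, ap_hosts=AP_HOSTS):
    """Choose the target file from the host field only, never the message text."""
    parsed = parse(line)
    if parsed is None:
        return DEFAULT_LOG  # keep unparseable lines instead of dropping them
    return AP_LOG if parsed[1].lower() in ap_hosts else DEFAULT_LOG

def split(lines, ap_hosts=AP_HOSTS):
    """Group lines by destination file, preserving their order."""
    out = defaultdict(list)
    for line in lines:
        out[destination(line, ap_hosts)].append(line.rstrip("\n"))
    return dict(out)

SAMPLE = [
    # First four lines are the excerpt from the message above.
    "Jun 20 09:10:29 Itchy sshd(pam_unix)[12392]: session opened for user root by (uid=0)",
    "Jun 20 09:12:18 192.168.0.254 Wireless PC Connected Mac: 00-06-25-28-65-d6",
    "Jun 20 09:12:21 host254-null.null.bellsouth.net System Start",
    "Jun 20 09:12:22 192.168.0.254 Wireless PC Connected Mac: 00-06-25-28-65-d6",
    # Constructed: a local line that only mentions the AP's address in its text.
    "Jun 20 09:13:02 Itchy sshd[12401]: Connection from 192.168.0.254 port 1042",
]

if __name__ == "__main__":
    for path, lines in split(SAMPLE).items():
        print(path)
        for entry in lines:
            print("   ", entry)
```

Matching on the host field keeps the constructed sshd line out of the AP file, which a plain text search for the AP's address would not. UDP syslog carries no authentication, so the host field is only as trustworthy as the network path; limiting port 514 to the AP's address at the firewall narrows that.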
