Date: Wed, 6 Oct 1999 17:46:38 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: mike@argos.org (Mike Nowlin)
Cc: madscientist@thegrid.net, freebsd-security@FreeBSD.ORG
Subject: Re: Syslog over serial
Message-ID: <199910060746.RAA07368@cheops.anu.edu.au>
In-Reply-To: <Pine.LNX.4.05.9910060307590.15924-100000@jason.argos.org> from "Mike Nowlin" at Oct 6, 99 03:27:26 am

In some mail from Mike Nowlin, sie said:
[...]
> One of the nice things about syslog is that you can have messages go to
> multiple places, although sometimes it takes a little creativity to make
> it work... All of the machines at work log to a common host using
> standard "*.* @1.2.3.4" notation in syslog.conf -- the common host records
> everything to a (really big) disk file, in addition to breaking it down
> depending on syslog facility into separate log files. The
> "/var/log/biglog" that syslog creates has a program running against it
> that does the equivalent of "tail -f", sent over an encrypted socket to
> one of the machines at my home. In addition, the common logger sends all
> the messages out via a serial line to a dumb terminal sitting behind
> my chair - quick viewability (?) to keep track of what's going on, and the
> attached printer lets me grab stuff if I need to. (Two keystrokes to turn
> the printer on/off.) Along with all of this, the three big machines that
> I'm really concerned about each have a serial line connected to a serial
> line-buffering multiplexer, which is in turn connected to a DOS box that
> records everything they send out. This has been extremely beneficial in
> the past during breakins, etc. where Mr. Intruder thought he'd play it
> safe by wiping the log files -- good luck.... :)
[...]

[shameless plug]
Were you using nsyslogd you could have the TCP/IP connection and
encryption done using SSL without needing multiple programs. You are
also protected from logfile tampering by message hashing.

Darren
http://coombs.anu.edu.au/~avalon/nsyslog.html
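
The message-hashing idea mentioned in the reply above, as an added example that is not part of the original e-mail and is not nsyslogd's code: the message does not say how nsyslogd hashes, so this is a generic SHA-256 hash chain, and the function names, starting value and sample messages are assumptions. The `trusted_head` digest stands in for a copy kept off the logging host, in the spirit of the serial-line and remote copies described in the quoted text.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed fixed starting value for the chain


def link(prev: bytes, message: str) -> bytes:
    """Digest binding one message to everything logged before it."""
    return hashlib.sha256(prev + message.encode("utf-8")).digest()


def append(log: list, message: str) -> bytes:
    """Append (message, hex digest) to the log and return the new chain head."""
    prev = bytes.fromhex(log[-1][1]) if log else GENESIS
    head = link(prev, message)
    log.append((message, head.hex()))
    return head


def verify(log: list, trusted_head: bytes):
    """Return None if the log is intact, else the index of the first bad record.

    An index equal to len(log) means the stored records are self-consistent
    but the chain does not end at trusted_head: records were cut from the
    tail, or the whole file was rebuilt with fresh digests.
    """
    prev = GENESIS
    for i, (message, stored) in enumerate(log):
        prev = link(prev, message)
        if prev.hex() != stored:
            return i
    return None if prev == trusted_head else len(log)


def demo() -> dict:
    # Constructed sample messages, not taken from any real host.
    log = []
    for msg in ["sshd[411]: Accepted password for alice from 10.0.0.5",
                "su: alice to root on /dev/ttyp0",
                "kernel: de0: link down"]:
        head = append(log, msg)  # head would be copied off-host after each write
    edited = list(log)
    edited[1] = ("su: bob to root on /dev/ttyp0", log[1][1])
    return {"intact": verify(log, head),
            "edited": verify(edited, head),
            "deleted": verify(log[:1] + log[2:], head),
            "truncated": verify(log[:2], head)}


if __name__ == "__main__":
    print(demo())
```

Without the off-host head digest, the chain alone cannot reveal a truncated tail or a file rebuilt from scratch, which is why the separate copy matters.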