Date:      Wed, 30 Mar 2005 18:26:14 -0800
From:      John Pettitt <jpp@cloudview.com>
To:        kurt.buff@gmail.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: syslog/postfix question
Message-ID:  <424B5FC6.5080803@cloudview.com>
In-Reply-To: <424B5D56.20104@spro.net>
References:  <424B5D56.20104@spro.net>



Kurt Buff wrote:

> I've been perusing man syslog and man syslog.conf, and haven't gotten
> my mind quite wrapped around it yet.
>
> I have 4 FBSD 5.3 servers on my network, each running postfix 2.x. One
> is a mail gateway to our Exchange server, the others are just using
> postfix for mailing out the daily/weekly/monthly/security logs, while
> they perform their other duties.
>
> I want to have the normal logging (in this case /var/log/messages and
> /var/log/maillog) happen both locally and sent to a remote syslog server.
>
> I haven't yet modified syslog.conf on any of these machines.
>
> Am I correct in believing that all I have to do to make this happen is
> uncomment the line that says:
>
> #*.*                        @loghost
>
> and change @loghost to match my syslog server? That is, along with
> making sure that name resolution works correctly, of course.
>
>
On the sending end that's it.  On the receiving host you need to make
sure syslogd has the correct setting to receive the log packets.   There
are security upsides and downsides to doing what you propose.

Upside: logs are on a different box - hopefully a secure one - so you
have a record of attacks against the other boxes.

Downside: log packets are unencrypted UDP so a black hat may be able to
sniff them and learn about system configuration.

In the end I think the upside wins.

John
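
An added configuration sketch for the setup discussed in this message (not part of the original e-mail): the sender-side forward rule next to the receiver-side syslogd flags. It assumes FreeBSD's stock syslogd; the names loghost.example.com and mailgw.example.com, the 192.0.2.0/24 network and the /var/log/remote path are placeholders.

```conf
# ---- Sending hosts: /etc/syslog.conf ----
# Leave the existing local rules (/var/log/messages, /var/log/maillog)
# in place and add a forward rule, so logs are written locally AND sent.
*.*                                     @loghost.example.com

# ---- Sending hosts: /etc/rc.conf ----
# A single -s still allows forwarding. Do not use -ss on a sender:
# it opens no network socket at all, which disables remote logging.
syslogd_flags="-s"

# ---- Receiving host: /etc/rc.conf ----
# Weak: no -s and no -a accepts syslog datagrams from any source.
#syslogd_flags=""
# Better: drop -s (secure mode discards remote messages) and list
# only the networks or hosts that are allowed to log here.
syslogd_flags="-a 192.0.2.0/24"

# ---- Receiving host: /etc/syslog.conf ----
# Optional: keep one sender's mail log apart from the loghost's own.
# Create the target file first; syslogd only creates it when run with -C.
+mailgw.example.com
mail.*                                  /var/log/remote/mailgw-maillog
+*

# Apply on each host after editing:
#   /etc/rc.d/syslogd restart
```

The -a filter matches on source address only, and UDP source addresses can be forged, so pair it with a packet filter on the loghost that limits UDP port 514 to the sending hosts.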


