Date: Fri, 31 Jul 1998 16:25:00 +0200
From: Reidar Bratsberg <reidar@ravn.no>
To: security@FreeBSD.ORG
Subject: Re: Where are your logs? Methods of logging?
Message-ID: <3.0.32.19980731162500.00869ce0@trost.ravn.no>

Logging to a secure machine with syslog (or other) is as crucial as
tripwire, IMHO.

I haven't done it myself, but I've heard that some cut (!) the "send"-wires
on the TP-cable to the secure machine -- making it impossible to reach it
via the network. The syslog entries get through though.

Other options: Let syslog log to a serial port, and set up an old machine
with MS-DOS (or whatever) to receive them.

At 13:14 31.07.98 +0100, Þórður Ívarsson wrote:
>Now I log everything from every system to that computer, backup the logs
>every day, and trace them.
(...)
>Is this something that might help us to trace the problems or is this
>just extra trouble?

I think it is absolutely worth the trouble. We don't take backup of the
log-machine though. I guess we should...

We've considered setting up an old matrix printer as well, but I'm not sure
it's worth the trouble (or paper!).

Best,
Reidar

--
Reidar Bratsberg
Ravn Informasjonssystemer Ans, Oslo, Norway
Phone: +47 22 37 97 00
Fax: +47 22 37 97 01
Business e-mail: ravn@ravn.no
Public PGP-key available from http://www.ravn.no/~reidar/pub-pgp.txt

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message