
Re: Secure remote syslogging?




or, if using syslog-ng, do this for each logfile type in your config file:

destination syslog { file("/var/log/serverlogs/$HOST/syslog" owner("root") group("adm") perm(0640)); };


that way, each server will have unique files in their own directories.




I'm assuming you mean maintaining a separate log per machine that you collect
logs for?  I wouldn't bother with that, personally.  Grep is a great tool...
If you *really* generate a lot of log information and need to analyze it in
greater detail, then dumping it into a database at the back end could be
warranted.  For most sites, though, grep is quite sufficient, especially if
you combine it with swatch -- which can look through your log files for
particular events that you define, and then email/page you when/if they
occur.  A simple, but quite usable intrusion detection system of sorts...
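
Added example (not part of the original thread): a minimal swatch-style scan, in Python, over the per-host layout that the syslog-ng destination above produces (<root>/$HOST/syslog). The rule names, patterns and sample log lines are constructed for illustration and are not swatch's own configuration format.

```python
import re
import tempfile
from pathlib import Path

# Hypothetical watch rules in the spirit of swatch: label -> pattern.
RULES = {
    "failed-login": re.compile(r"Failed password for (?:invalid user )?\S+"),
    "su-root": re.compile(r"su(?:\[\d+\])?: .*\bto root\b"),
}

def scan_tree(root, rules=RULES, filename="syslog"):
    """Scan <root>/<host>/<filename>; return [(host, label, line), ...]."""
    hits = []
    for logfile in sorted(Path(root).glob(f"*/{filename}")):
        host = logfile.parent.name  # directory name is syslog-ng's $HOST
        with logfile.open(errors="replace") as fh:
            for line in fh:
                for label, pattern in rules.items():
                    if pattern.search(line):
                        hits.append((host, label, line.rstrip("\n")))
    return hits

def build_sample_tree(root):
    """Write constructed sample logs, one directory per sending host."""
    samples = {
        "web1": [
            "Jan 10 03:12:01 web1 sshd[812]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2",
            "Jan 10 03:12:09 web1 sshd[812]: Accepted publickey for deploy from 192.0.2.20 port 4100 ssh2",
        ],
        "db1": [
            "Jan 10 04:00:00 db1 su[991]: (to root) alice on pts/0",
            "Jan 10 04:05:00 db1 cron[100]: (root) CMD (run-parts /etc/cron.hourly)",
        ],
    }
    for host, lines in samples.items():
        host_dir = Path(root) / host
        host_dir.mkdir(parents=True)
        (host_dir / "syslog").write_text("\n".join(lines) + "\n")

if __name__ == "__main__":
    # Runs against a temporary tree; point scan_tree() at the real
    # log root (e.g. /var/log/serverlogs) on the log host instead.
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for host, label, line in scan_tree(tmp):
            print(f"[{host}] {label}: {line}")
```

Because each hit carries the directory name, the per-host layout and the "grep plus alerting" approach work together: one pass over the tree reports which machine logged each event.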






