[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

secure remote logging

Hello *,

anyone using a method to do secure remote logging? 
I need a advice how this could be realized.

I need data encryption and want to avoid misuse of the loghost.
(for examble DoS)

Some idea's of me:

a) ipsec or cipe to tunnel the complete traffic between loghost and 
the other servers. Is multipoint to central point possible?

b) a better syslog than the default + a packetfilter (iptables/ipchains) 
  Didn't find one yet. syslog-ng seems not to have encryption
  support out of the box. 
c) normal syslog + secure tunneling + packetfliter
 stunnel, ssl, ssh, netcat or zebedee.

There are other possibilities, as to send logging
information over serial connections or to rsnyc (over ssh) regularly the logs.
But serial lines are not possible in my environment and 
rsync gives me not the ability to establish a IDS-system on base
of logging.

I also can't make an extra IP network for only sending logging

What's best practice? How do you establish a loghost in an unsecure


Reply to: