secure remote logging
Anyone using a method to do secure remote logging?
I need advice on how this could be realized.
I need data encryption and want to avoid misuse of the loghost
(for example DoS).
Some ideas of mine:
a) ipsec or cipe to tunnel the complete traffic between loghost and
the other servers. Is multipoint to central point possible?
b) a better syslog than the default + a packet filter (iptables/ipchains)
Didn't find one yet. syslog-ng seems not to have encryption
support out of the box.
c) normal syslog + secure tunneling + packet filter
stunnel, ssl, ssh, netcat or zebedee.
There are other possibilities, such as sending logging
information over serial connections or rsyncing the logs (over ssh) regularly.
But serial lines are not possible in my environment and
rsync does not give me the ability to establish an IDS system on base
I also can't make an extra IP network for only sending logging
What's best practice? How do you establish a loghost in an unsecure