secure remote logging

To: debian-isp@lists.debian.org
Subject: secure remote logging
From: Waldemar Brodkorb <waldemar@thinknow.de>
Date: Thu, 15 Nov 2001 00:18:19 +0100
Message-id: <[🔎] 20011115001818.M686@thinknow.de>
Mail-followup-to: debian-isp@lists.debian.org
Reply-to: Waldemar Brodkorb <waldemar@thinknow.de>

Hello *,

anyone using a method to do secure remote logging? 
I need a advice how this could be realized.

I need data encryption and want to avoid misuse of the loghost.
(for examble DoS)

Some idea's of me:

a) ipsec or cipe to tunnel the complete traffic between loghost and 
the other servers. Is multipoint to central point possible?

b) a better syslog than the default + a packetfilter (iptables/ipchains) 
  Didn't find one yet. syslog-ng seems not to have encryption
  support out of the box. 
 
c) normal syslog + secure tunneling + packetfliter
 stunnel, ssl, ssh, netcat or zebedee.

There are other possibilities, as to send logging
information over serial connections or to rsnyc (over ssh) regularly the logs.
But serial lines are not possible in my environment and 
rsync gives me not the ability to establish a IDS-system on base
of logging.

I also can't make an extra IP network for only sending logging
information.

What's best practice? How do you establish a loghost in an unsecure
environment?

bye
    Waldemar

Reply to:

Prev by Date: Re: SNMP Monitoring
Next by Date: Re: SNMP Monitoring
Previous by thread: RE: MRTG HELP sos
Next by thread: Simple web log analysis for multiple sites?
Index(es):
- Date
- Thread