Re: possible attack?
On 21 Mar 2002 at 13:41, Joerg Wendland wrote:
> On Thu, Mar 21, 2002 at 08:51:49AM -0000, Chris Evans wrote:
> > unix 1 [ ] STREAM CONNECTED 1123334 /dev/log
> ^^^^
> Look at the protocol, it has nothing to do with the network, it is connected
> through a UNIX socket.
Thanks. I was clearly in mode! Apologies all!
I went and read more of the documentation on syslog-ng after sending
that and was happy that the syslog-ng.conf was only allowing
information to it from the server through local sockets as you say.
What I need now is a pointer to an introduction to UNIX sockets and
to how I work out why my server is suddenly exceeding the syslog-ng
connection limit. I think it was about a slightly higher than usual
rate of activity in postfix but I'm not sure as I'm surprised it
could have triggered that. I think if I got my head around
syslog-ng.conf rather better and set up routes and filters that really made
more sense of the logged data, I'd be in a better position to
understand all this.
Does anyone have a conf file they'd share with me? Ideally for a
single server with SMTP, POP3, SSH, NTP, APCUPSD and very little
else, though I guess more complex setups would be even more
informative.
Thanks Joerg and TIA to anyone who can point me on further.
Chris
PSYCTC: Psychotherapy, Psychology, Psychiatry, Counselling
and Therapeutic Communities; practice, research,
teaching and consultancy.
Chris Evans & Jo-anne Carlyle
http://psyctc.org/ Email: chris@psyctc.org