
Re: Followup: Syslog

from the secret journal of Andy Bastien (lists@yuggoth.net):
> Another technique is to use a separate logging server which has the
> transmit leads on its ethernet connection snipped.  It's capable of
> receiving (via UDP only, since it can't ACK!) log entries, but it's
> virtually impossible to start an interactive session remotely to shut
> it down or otherwise interfere with it.  It's possible to attack the

It also can't arp. You'll need to prime the arp cache from a file for every
host that needs immutable logs. Have you tried this? I wonder if you'll even
get a link light.

A syslog that strips formfeeds and line feeds attached to a printer is a
little better, but I haven't found an efficient way to egrep with my eyes.

Jacob Kuntz
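
The ARP point above, as an added example that is not part of either post: a host that cannot transmit cannot answer ARP requests, so each sending host needs a permanent neighbour entry for the log server. The sketch assumes Linux with iproute2, an `/etc/ethers`-style input file ("MAC IP" per line), and a hypothetical interface `eth0`; all addresses are constructed.

```shell
#!/bin/sh
# Added example: turn an ethers-style file into permanent neighbour entries
# so a sender never has to ARP for a log host that cannot reply.
# It only prints the commands; review them, then pipe to sh as root.

MAC_RE='^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
IP_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# emit_static_neighbors IFACE < ethers-file
# Prints one "ip neigh replace" command per valid line. Malformed lines are
# reported on stderr and skipped, and the function then returns 1.
emit_static_neighbors() {
    iface=$1
    rc=0
    lineno=0
    while read -r mac ip rest || [ -n "$mac" ]; do
        lineno=$((lineno + 1))
        # Skip blank lines and full-line comments.
        case $mac in ''|'#'*) continue ;; esac
        # Anything after the IP must be empty or a trailing comment.
        case $rest in ''|'#'*) extra_ok=1 ;; *) extra_ok=0 ;; esac
        if [ "$extra_ok" -eq 1 ] &&
           printf '%s\n' "$mac" | grep -Eq "$MAC_RE" &&
           printf '%s\n' "$ip" | grep -Eq "$IP_RE"; then
            printf 'ip neigh replace %s lladdr %s dev %s nud permanent\n' \
                "$ip" "$mac" "$iface"
        else
            echo "line $lineno: malformed entry, skipped" >&2
            rc=1
        fi
    done
    return $rc
}

# Dry run on constructed sample data.
emit_static_neighbors eth0 <<'EOF'
# MAC               IP of the receive-only log host
00:11:22:33:44:55   192.0.2.10   # loghost
EOF
```

A permanent entry is never aged out or re-resolved, so it has to be updated by hand if the log host's network card is replaced.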
