
Re: Followup: Syslog



On Sun, 15 Apr 2001 14:45:04 EDT, Andy Bastien writes:
>> A syslog that strips formfeeds and line feeds attached to a printer is a
>> little better, but I haven't found an efficient way to egrep with my eyes.
>[...]
>
>Here's a page that discusses how to make a receive-only cable (scroll
>down to 3.6): http://www.robertgraham.com/pubs/sniffing-faq.html

You can connect the "dedicated logger" machine to your live machine with a 
null-modem cable, and run a simple program on the "dumb logger" that dumps 
everything that appears on /dev/ttyS0 to a file, and get the syslogd on 
the live machine to send everything to /dev/ttyS0.  Since the only 
connection between the dedicated logger and the rest of your network is a 
serial cable, and since you aren't running a getty on those serial lines, 
you can be fairly sure that nobody is going to hack into the machines to 
modify the logs.  And you can log onto the console of the logger machine 
to grep the log files whenever you want.

	--- Wade

-- 
 /"\  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
 \ /   ASCII Ribbon Campaign    | Wade Richards --- wrichard@direct.ca 
  X   - NO HTML/RTF in e-mail   | Fight SPAM!  Join CAUCE.
 / \  - NO Word docs in e-mail  | See http://www.cauce.org/ for details.
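
A sketch of the "simple program" for the logger side of the setup described in the message above, as an added example that is not part of the original post. The function names, the 9600 baud rate and the log path are assumptions; escaping control bytes before they reach the file is an addition beyond what the message asks for.

```python
import os
import termios

# Sender side (live machine), classic syslogd: "*.*  /dev/ttyS0" in /etc/syslog.conf.
# Assumed: 9600 baud on both ends; the log path under __main__ is hypothetical.

def open_line(dev="/dev/ttyS0", speed=termios.B9600):
    """Open the serial port receive-only and raw (8 data bits, no echo)."""
    # O_NONBLOCK keeps open() from waiting on carrier detect; never opened for writing.
    fd = os.open(dev, os.O_RDONLY | os.O_NOCTTY | os.O_NONBLOCK)
    attrs = termios.tcgetattr(fd)
    attrs[0] = attrs[1] = attrs[3] = 0      # no translation, no echo, no signals
    attrs[2] = termios.CS8 | termios.CREAD | termios.CLOCAL  # ignore modem lines
    attrs[4] = attrs[5] = speed
    attrs[6][termios.VMIN], attrs[6][termios.VTIME] = 1, 0   # block for >= 1 byte
    termios.tcsetattr(fd, termios.TCSANOW, attrs)
    os.set_blocking(fd, True)
    return fd

def sanitize(line):
    """Escape control, non-ASCII and backslash bytes so a logged string cannot
    forge extra lines or drive a terminal when the file is viewed later."""
    out = bytearray()
    for b in line:
        if (0x20 <= b < 0x7f and b != 0x5c) or b == 0x09:
            out.append(b)
        else:
            out += b"\\x%02x" % b
    return bytes(out)

def record(fd, log_path, max_line=4096):
    """Append sanitized lines read from fd to log_path until EOF; return the count."""
    out = os.open(log_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    buf, count = b"", 0
    try:
        while True:
            chunk = os.read(fd, 1024)
            buf += chunk
            while buf:
                cut = buf.find(b"\n", 0, max_line)
                if cut < 0 and len(buf) < max_line and chunk:
                    break                   # incomplete line: wait for more bytes
                end = cut if cut >= 0 else min(len(buf), max_line)
                line, buf = buf[:end], buf[end + (cut >= 0):]
                os.write(out, sanitize(line.rstrip(b"\r")) + b"\n")
                count += 1
            os.fsync(out)                   # get each batch onto disk promptly
            if not chunk:
                return count
    finally:
        os.close(out)

if __name__ == "__main__":
    record(open_line(), "/var/log/serial-syslog.log")
```

`record` accepts any file descriptor, so it can be exercised with a pipe before the cable is attached.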



