Re: Followup: Syslog
On Sun, 15 Apr 2001 14:45:04 EDT, Andy Bastien writes:
>> A syslog that strips formfeeds and line feeds attached to a printer is a
>> little better, but I haven't found an efficient way to egrep with my
>Here's a page that discusses how to make a receive-only cable (scroll
>down to 3.6): http://www.robertgraham.com/pubs/sniffing-faq.html

You can connect the "dedicated logger" machine to your live machine with a
null-modem cable, and run a simple program on the "dumb logger" that dumps
everything that appears on /dev/ttyS0 to a file, and get the syslogd on
the live machine to send everything to /dev/ttyS0. Since the only
connection between the dedicated logger and the rest of your network is a
serial cable, and since you aren't running a getty on those serial lines,
you can be fairly sure that nobody is going to hack into the machines to
modify the logs. And you can log onto the console of the logger machine
to grep the log files whenever you want.

/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ / ASCII Ribbon Campaign | Wade Richards --- email@example.com
X - NO HTML/RTF in e-mail | Fight SPAM! Join CAUCE.
/ \ - NO Word docs in e-mail | See http://www.cauce.org/ for details.
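
The "simple program" on the logger side of the setup described in the message above, as an added example that is not part of the original post. It reads the serial line read-only, hex-escapes control bytes such as form feeds, and appends timestamped lines to a file; the device speed, the output path, the line cap and the function names are assumptions.

```python
import os
import time

MAX_LINE = 1024  # assumed cap: longer input is split so one line cannot grow without bound


def sanitize(raw: bytes) -> str:
    """Keep printable ASCII and tab; hex-escape everything else (form feeds, ESC, NUL)."""
    return "".join(chr(b) if 32 <= b < 127 or b == 9 else "\\x%02x" % b for b in raw)


def capture(src_fd: int, log_path: str, clock=time.time) -> int:
    """Append each line read from src_fd to log_path until EOF; return lines written."""
    out_fd = os.open(log_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    buf, written = b"", 0
    try:
        while True:
            chunk = os.read(src_fd, 512)  # b"" means EOF (never happens on a live tty)
            buf += chunk
            while buf:
                cut = buf.find(b"\n")
                if cut < 0 or cut > MAX_LINE:
                    if len(buf) < MAX_LINE and chunk:
                        break  # incomplete line, wait for more bytes
                    cut = min(len(buf), MAX_LINE)  # forced split, or flush at EOF
                    line, buf = buf[:cut], buf[cut:]
                else:
                    line, buf = buf[:cut], buf[cut + 1:]
                stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(clock()))
                os.write(out_fd, (stamp + " " + sanitize(line.rstrip(b"\r")) + "\n").encode())
                written += 1
            if not chunk:
                return written
    finally:
        os.close(out_fd)


if __name__ == "__main__":
    import termios, tty
    # Assumed values: 9600 baud and the output path below; match the speed to the sender.
    # Assumed sender side: a syslog.conf rule such as "*.*  /dev/ttyS0" on the live machine.
    fd = os.open("/dev/ttyS0", os.O_RDONLY | os.O_NOCTTY | os.O_NONBLOCK)
    os.set_blocking(fd, True)  # O_NONBLOCK was only to avoid waiting for carrier on open
    tty.setraw(fd)             # no echo, no line editing, bytes delivered as received
    attrs = termios.tcgetattr(fd)
    attrs[2] |= termios.CLOCAL | termios.CREAD
    attrs[4] = attrs[5] = termios.B9600
    termios.tcsetattr(fd, termios.TCSANOW, attrs)
    capture(fd, "/var/log/remote-serial.log")
```

The logger never opens the device for writing, so with no getty on the line nothing it runs answers the sender.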