Re: Secure remote syslogging?
On Wednesday 23 April 2003 13:43, Stefan Neufeind wrote:
> what is the best way to remotely syslog?
If the business situation warrants the expense, then I advise my clients to
run an admin network on critical servers, with one hardened syslog server to
receive event logs from the servers. Keep admin (including) and production
data separate, and only run syslogd (and possibly sshd) on the syslog server.
It's also a good idea to keep the log data on a RAID-5 array for reliability,
but that's another issue.
Short of write-once media, 1-way wiring, etc., this is a pretty darned secure
way of deploying a syslog server, IMHO.
Cheers,
Ken van Wyk
-----
author, "Incident Response" and "Secure Coding", O'Reilly & Assoc.
www.incidentresponse.com, www.securecoding.org
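
An added example, not part of the original message: one way to audit a log host against the advice above, flagging any listener that is not syslogd or sshd, or that is bound outside the admin network. The admin subnet, the allowed port list, and the sample lines (laid out like `ss -H -tuln` output) are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions, not from the original post: admin subnet and permitted services.
ADMIN_NET = ipaddress.ip_network("10.10.0.0/24")
ALLOWED = {("udp", 514): "syslogd", ("tcp", 22): "sshd"}

# Constructed sample in the column layout of `ss -H -tuln`.
SAMPLE = """\
udp   UNCONN 0 0    10.10.0.5:514    0.0.0.0:*
tcp   LISTEN 0 128  10.10.0.5:22     0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0 100  192.0.2.10:25    0.0.0.0:*
udp   UNCONN 0 0    [::]:514         [::]:*
"""

def audit_listeners(text, admin_net=ADMIN_NET, allowed=ALLOWED):
    """Return (kind, detail) findings for listeners that break the policy."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        # Drop IPv6 brackets and any %interface scope suffix.
        addr = addr.strip("[]").split("%")[0]
        if addr == "*":
            addr = "0.0.0.0"  # wildcard bind
        try:
            ip = ipaddress.ip_address(addr)
            port = int(port)
        except ValueError:
            findings.append(("unparsed", line.strip()))
            continue
        if (proto, port) not in allowed:
            # Anything besides syslogd/sshd should not be running here.
            findings.append(("unexpected-service", f"{proto}/{port} on {ip}"))
        elif ip.is_unspecified or ip not in admin_net:
            # Allowed service, but reachable from the production side.
            findings.append(("outside-admin-net", f"{proto}/{port} on {ip}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_listeners(SAMPLE):
        print(f"{kind}: {detail}")
```
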