
Re: Secure remote syslogging?



On Wednesday 23 April 2003 13:43, Stefan Neufeind wrote:
> what is the best way to remotely syslog? 

If the business situation warrants the expense, then I advise my clients to 
run an admin network on critical servers, with one hardened syslog server to 
receive event logs from the servers.  Keep admin (including) and production 
data separate, and only run syslogd (and possibly sshd) on the syslog server.  
It's also a good idea to keep the log data on a RAID-5 array for reliability, 
but that's another issue.

Short of write-once media, 1-way wiring, etc., this is a pretty darned secure 
way of deploying a syslog server, IMHO.

Cheers,

Ken van Wyk
-----
author, "Incident Response" and "Secure Coding", O'Reilly & Assoc.
www.incidentresponse.com, www.securecoding.org
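
An added example, not part of the original message: one way to check that a log host matches the layout described above, with only syslogd and sshd listening and only on the admin network. The admin range `10.10.0.0/24`, the ports 514/udp and 22/tcp, and the sample `ss -H -tuln` output are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the post): admin network range and service ports.
ADMIN_NET = ipaddress.ip_network("10.10.0.0/24")
ALLOWED = {("udp", 514), ("tcp", 22)}  # syslogd, sshd

# Constructed sample of `ss -H -tuln` output from a hypothetical log host.
SAMPLE = """\
udp   UNCONN 0      0          10.10.0.5:514       0.0.0.0:*
tcp   LISTEN 0      128        10.10.0.5:22        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:80        0.0.0.0:*
udp   UNCONN 0      0       192.168.1.20:514       0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
"""

def audit_listeners(ss_output, admin_net=ADMIN_NET, allowed=ALLOWED):
    """Return (proto, local_address, reasons) for each listener that
    breaks the 'syslogd and sshd only, admin network only' rule."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or malformed line
        proto, local = fields[0], fields[4]
        host, _, port = local.rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets, %iface
        wildcard = host in ("*", "0.0.0.0", "::")
        addr = None if wildcard else ipaddress.ip_address(host)
        if addr is not None and addr.is_loopback:
            continue  # not reachable from either network
        reasons = []
        if (proto, int(port)) not in allowed:
            reasons.append("unexpected service")
        if wildcard:
            reasons.append("bound to all interfaces")
        elif addr not in admin_net:
            reasons.append("outside admin network")
        if reasons:
            findings.append((proto, local, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for proto, local, why in audit_listeners(SAMPLE):
        print(f"{proto:4} {local:20} {why}")
```

A wildcard bind is reported even for an allowed service, because it also exposes that service on the production interface.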


