
Re: [despammed] Re: Secure remote syslogging?



You could hardcode the MAC using static arp entries. Also, you could
just broadcast on the logger interface (which doesn't require an ARP
lookup, it just uses the broadcast MAC).

My concern with this approach (although I like the sound of it) is that
it might fsck up your media detection (e.g., is the cable plugged in?),
which I think some cards do. I'm also pretty sure this doesn't work with
100Mb.

Alternatives: (the traditional line printer was already mentioned), any
sort of write-only media will do the trick (e.g., CD-RW). You might have
to flush batches of log entries to the CD for it to work. I'm not sure
what the min packet size on UDF FS is.

There are probably other cool tricks you could employ.

Adam
 

On Tue, 2003-04-29 at 06:30, Ed McMan wrote:
> Tuesday, April 29, 2003, 8:54:51 AM, Sam Couter (Sam) wrote:
> 
> Sam> Stefan Neufeind <stefan@neufeind.net> wrote:
> >> what is the best way to remotely syslog? In
> 
> Sam> Use a dedicated machine. Cut the 'transmit' pair in the CAT5 cable.
> Sam> syslog is UDP, which is only one-way, so it doesn't need to transmit.
> 
> Wouldn't the machine still need to transmit some things, namely arp?
> 
> ------------------------------------------------------
> | Eddie J Schwartz <EdMcMan@[despammed.com|m00.net]> |
> |  AIM: Uncaring Eyes ICQ: 35576339 YHOO: edmcman2   |
> |  "We Trills have an expression -- at forty, you    |
> |  think you know everything. At four hundred you    |
> |  realize you know nothing." - Dax, Startrek DS9    |
> ------------------------------------------------------
> 
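
Added example, not part of the original message: a send-only syslog client for the receive-only log host discussed in this thread, using a broadcast destination so that no ARP reply is needed. The address 192.0.2.255, the host name `web1` and the `seq=` field are assumptions of this sketch; the sequence number goes beyond what the thread describes and is there so the collector can spot lost datagrams on a link that cannot carry a resend request.

```python
import socket
import time

SYSLOG_PORT = 514   # standard syslog/UDP port
MAX_LEN = 1024      # RFC 3164 maximum packet size


def build_message(seq, facility, severity, host, tag, text, now=None):
    """Return one RFC 3164-style datagram carrying a sender-side sequence number.

    The collector cannot ask for a resend over a receive-only link, so the
    sequence number is what lets it notice dropped datagrams afterwards.
    """
    pri = facility * 8 + severity
    t = time.localtime(now)
    stamp = time.strftime("%b", t) + " %2d " % t.tm_mday + time.strftime("%H:%M:%S", t)
    line = "<%d>%s %s %s: seq=%d %s" % (pri, stamp, host, tag, seq, text)
    return line.encode("ascii", "replace")[:MAX_LEN]


def make_sender(broadcast=True):
    """UDP socket that only ever sends; nothing here waits for a reply."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    if broadcast:
        # Broadcast frames go to ff:ff:ff:ff:ff:ff, so no ARP lookup happens.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    return s


def find_gaps(seqs):
    """Collector side: list sequence numbers missing from what was received."""
    seen = set(seqs)
    if not seen:
        return []
    return [n for n in range(min(seen), max(seen) + 1) if n not in seen]


if __name__ == "__main__":
    # 192.0.2.255 is a constructed broadcast address for the logging segment.
    # For unicast instead, pin the collector's MAC first: arp -s <ip> <mac>
    dest = ("192.0.2.255", SYSLOG_PORT)
    sock = make_sender()
    for seq, text in enumerate(["session opened", "session closed"], 1):
        # facility 4 (auth), severity 6 (info)
        sock.sendto(build_message(seq, 4, 6, "web1", "sshd", text), dest)
```
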