Re: Secure remote syslogging?
But what if you can't deploy a separate network just for syslog?
Encrypt it somehow? Or just use IP-based security? I guess that's the
worse idea if you might be on a switch with several other machines,
right?

And do I really need a real syslog on the other machine? Or is there
any daemon so I can receive syslog entries like

machine1: ...
machine2: ...
machine2: ...

in separate files for the machines on the central server?

I guess this would best suit my needs. But again: it needs to be
secure - even over a "public switch" :-(((

On 23 Apr 2003 at 16:37, Kenneth R. van Wyk wrote:
> On Wednesday 23 April 2003 13:43, Stefan Neufeind wrote:
> > what is the best way to remotely syslog?
>
> If the business situation warrants the expense, then I advise my
> clients to run an admin network on critical servers, with one hardened
> syslog server to receive event logs from the servers. Keep admin
> (including) and production data separate, and only run syslogd (and
> possibly sshd) on the syslog server. It's also a good idea to keep
> the log data on a RAID-5 array for reliability, but that's another
> issue.
>
> Short of write-once media, 1-way wiring, etc., this is a pretty darned
> secure way of deploying a syslog server, IMHO.
>
> Cheers,
>
> Ken van Wyk
> -----
> author, "Incident Response" and "Secure Coding", O'Reilly & Assoc.
> www.incidentresponse.com, www.securecoding.org
>