Re: Logauswertung (translation)

To: debian-security@lists.debian.org
Subject: Re: Logauswertung (translation)
From: Ronald van den Blink <ronald@securityview.org>
Date: Sat, 3 Jun 2006 11:23:17 +0200
Message-id: <[🔎] 5E0114E3-C49E-497C-9AA6-6883063BBF7A@securityview.org>
In-reply-to: <[🔎] 20060603071659.GA2340@server.homelinux.net>
References: <e2gg8s$4j9$03$1@news.t-online.com> <20060423191505.GE25640@think.alaya.net> <[🔎] 20060603071659.GA2340@server.homelinux.net>

I would additionally like to send the logs over Syslog-ng to a log
server.


I stronly recommend not to do this. We had a ccc (chaos computer club)
meeting while someone brought the logfile from his mailserver to
meetings.

By seeing the logfile without error messages it was quite easy tohave a

look at the employees and and their key qualification.

By seeing logfiles unencrypted it's possible to have a look what's
running on your server so I strongly recommend not to do this.

Use logcheck local on your server and login over ssh which is quite
secure. (There was just one vulnerability in the past years).

I use a simple perl script fwlog to check the logfiles.

I agree with you on the logtransfer issue, but disagree with you onthe "don't-use-a-central-logserver" ;) At this moment we are using alogserver in-house, so that's not encrypted, and we are using it onsome places where we send the logs outbound. There are several waysto do this, and I'm using a OpenVPN-tunnel to send it. But I'm sureit is possible to send the logs encrypted someway (stunnel maybe?) ifyou are not able to use a VPN-tunnel.



With regards


Ronald

Reply to:

References:
- Re: Logauswertung (translation)
  - From: Mark-Walter@t-online.de (Mark Walter)

Prev by Date: Re: Logauswertung (translation)
Next by Date: Re: [SECURITY] [DSA 1089-1] New freeradius packages fix arbitrary code execution
Previous by thread: Re: Logauswertung (translation)
Next by thread: Re: [SECURITY] [DSA 1089-1] New freeradius packages fix arbitrary code execution
Index(es):
- Date
- Thread