Date: Mon, 15 Oct 2001 22:10:08 +0100
From: Mark Drayton
To: freebsd-questions@freebsd.org
Subject: Re: Syslog questions
Message-ID: <20011015221008.A36840@drex.staff.izr.com>
In-Reply-To: <20011015135221.E48004@dark4ce.com>; from freebsd@dark4ce.com on Mon, Oct 15, 2001 at 01:52:21PM +0200

Hanno Liem (freebsd@dark4ce.com) wrote:
> I have a few questions regarding Syslog:
>
> 1. I know it is possible to send a syslog to a different machine; does
> this have any security implications?

AFAIK the only security issues are DOS based. An attacker could send
enough log messages to a remote host to fill its disk/partition up. You
should only allow trusted clients to log to this remote machine by using
the -a flag to syslogd or a firewall such as ipfw.

> 2. Is it actually useful to log to a machine dedicated to logging? Or
> do most of you keep logfiles on the machine that is logging?

I usually send auth.*, authinfo.* and security.* to a remote machine and
keep the rest on the local machine. This way I get most of the
potentially security sensitive data on the remote machine and all the
big stuff like mail logfiles on the local machine where it's easier to
read when fixing a problem.

> 3. If I would like to have one virtual console dedicated to syslog
> (say the one 'under' ALT-F12), how would I configure this so that it
> only displays logs there, instead of all my root windows, and how do I
> configure the Virtual Console in such a way that it will not give a
> login prompt on that Console? (I remember having set this up under
> Linux years ago).

I'm not physically at a machine right now, but try a line like so in
syslogd.conf:

    facility.level    /dev/ttyvb

(replacing facility and level with... facilities and levels of your
choice). By default a getty doesn't run on 'F12' but to make sure check
there are no lines beginning ttyvb on /etc/ttys/.

Hope this helps,

-- 
Mark Drayton