Date:      Mon, 15 Oct 2001 22:10:08 +0100
From:      Mark Drayton <mark.drayton@izr.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Syslog questions
Message-ID:  <20011015221008.A36840@drex.staff.izr.com>
In-Reply-To: <20011015135221.E48004@dark4ce.com>; from freebsd@dark4ce.com on Mon, Oct 15, 2001 at 01:52:21PM +0200
References:  <20011015135221.E48004@dark4ce.com>

Hanno Liem (freebsd@dark4ce.com) wrote:
> I have a few questions regarding Syslog:
> 
> 1. I know it is possible to send a syslog to a different machine; does
> this have any security implications?

AFAIK the only security issues are DoS-based. An attacker could send
enough log messages to a remote host to fill its disk/partition up. You
should only allow trusted clients to log to this remote machine by using
the -a flag to syslogd or a firewall such as ipfw.

> 2. Is it actually useful to log to a machine dedicated to logging? Or
> do most of you keep logfiles on the machine that is logging?

I usually send auth.*, authinfo.* and security.* to a remote machine and
keep the rest on the local machine. This way I get most of the
potentially security sensitive data on the remote machine and all the
big stuff like mail logfiles on the local machine where it's easier to
read when fixing a problem.

> 3. If I would like to have one virtual console dedicated to syslog
> (say the one 'under' ALT-F12), how would I configure this so that it
> only displays logs there, instead of all my root windows, and how do I
> configure the Virtual Console in such a way that it will not give a
> login prompt on that Console? (I remember having set this up under
> Linux years ago).

I'm not physically at a machine right now, but try a line like so in
syslogd.conf:

facility.level							/dev/ttyvb

(replacing facility and level with... facilities and levels of your
choice).

By default a getty doesn't run on 'F12', but to make sure, check there are
no lines beginning with ttyvb in /etc/ttys/.

Hope this helps,

-- 

Mark Drayton
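
Added example, not part of the original message: a small audit of a syslog configuration that lists which selectors are forwarded to a remote host and checks whether a given facility is among them, matching the split described in the answer to question 2. The sample configuration, the host name loghost.example.org and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample configuration; loghost.example.org is a placeholder.
SAMPLE_CONF='# constructed sample
auth.*;security.*            @loghost.example.org
mail.info                    /var/log/maillog
*.err;kern.warning           /dev/console
!ppp
*.*                          /var/log/ppp.log
'

# Read a syslog configuration on stdin and print "selector<TAB>host"
# for every rule whose action forwards to a remote host (@host).
remote_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }   # comments and blank lines
        /^[!+-]/       { next }   # program/host block specifiers
        {
            action = $NF
            if (action ~ /^@/)
                printf "%s\t%s\n", $1, substr(action, 2)
        }'
}

# Read a configuration on stdin; succeed only if facility $1 (or the
# wildcard facility) appears in at least one forwarded selector.
facility_forwarded() {
    remote_rules | awk -F'\t' -v fac="$1" '
        {
            n = split($1, parts, ";")           # auth.*;security.*
            for (i = 1; i <= n; i++) {
                split(parts[i], fl, ".")        # facility list . level
                m = split(fl[1], facs, ",")     # auth,security.* form
                for (j = 1; j <= m; j++)
                    if (facs[j] == fac || facs[j] == "*") found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Report the forwarded rules, then flag facilities that stay local only.
printf '%s' "$SAMPLE_CONF" | remote_rules
for f in auth security mail; do
    printf '%s' "$SAMPLE_CONF" | facility_forwarded "$f" \
        || echo "$f is not forwarded to a remote host"
done
```

To check a real configuration, feed the file to the functions on stdin instead of the sample.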
