From: Mark Drayton
To: freebsd-questions@FreeBSD.ORG
Date: Tue, 16 Oct 2001 08:57:11 +0100
Subject: Re: Syslog questions

Roger 'Rocky' Vetterberg (rocky@ljusdal.net) wrote:
> Mark Drayton wrote:
>
> > Hanno Liem (freebsd@dark4ce.com) wrote:
> > > I have a few questions regarding Syslog:
> > >
> > > 1. I know it is possible to send a syslog to a different machine;
> > >    does this have any security implications?
> >
> > AFAIK the only security issues are DoS-based. An attacker could send
> > enough log messages to a remote host to fill its disk/partition up.
> > You should only allow trusted clients to log to this remote machine
> > by using the -a flag to syslogd or a firewall such as ipfw.
>
> AFAIK the logs are transmitted using unencrypted protocols, IIRC
> regular UDP. This could make it possible for an attacker to sniff the
> traffic between the machine and the logserver, and hence gain access
> to the logfiles. I would consider this a security issue, I don't want
> anyone unauthorized reading my logfiles.

Oh, erm. There is that of course :~)

Cheers,

--
Mark Drayton
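
The restriction discussed in the thread (the -a flag to syslogd, or ipfw), written out as configuration for a FreeBSD log host and one client. This is an added example, not part of the original messages; the addresses, the hostname and the ipfw rule numbers are constructed placeholders.

```conf
# ---- log host: /etc/rc.conf ----
# Accept remote syslog datagrams only from the listed peers.
# Do not also pass -s, which makes syslogd ignore remote messages.
#   -a 192.0.2.10         one host; with no ":service" the datagram must come
#                         from UDP source port 514 (the default service, syslog)
#   -a 198.51.100.0/24:*  a whole subnet, any UDP source port
syslogd_enable="YES"
syslogd_flags="-a 192.0.2.10 -a 198.51.100.0/24:*"

# ---- log host: ipfw rules (one ipfw(8) command per line) ----
# Same allow-list enforced in the packet filter, so datagrams from other
# sources are dropped before they reach syslogd.
add 2000 allow udp from 192.0.2.10 to me 514
add 2010 allow udp from 198.51.100.0/24 to me 514
add 2020 deny udp from any to me 514

# ---- client: /etc/syslog.conf ----
# Forward all messages to the log host (placeholder name).
*.*	@loghost.example.org

# Neither control encrypts anything: the messages still cross the network
# as plain UDP, which is the sniffing concern raised in the reply above.
# The allow-list also trusts the source address of each datagram, so it
# limits who can fill the log partition only as far as that address can
# be trusted on the path.
```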