From owner-freebsd-security Wed Oct 6 0:47:36 1999
Delivered-To: freebsd-security@freebsd.org
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.76.24]) by hub.freebsd.org (Postfix) with ESMTP id 1E9BC14CB9 for ; Wed, 6 Oct 1999 00:47:30 -0700 (PDT) (envelope-from avalon@cheops.anu.edu.au)
Received: (from avalon@localhost) by cheops.anu.edu.au (8.9.1/8.9.1) id RAA07368; Wed, 6 Oct 1999 17:46:39 +1000 (EST)
From: Darren Reed
Message-Id: <199910060746.RAA07368@cheops.anu.edu.au>
Subject: Re: Syslog over serial
To: mike@argos.org (Mike Nowlin)
Date: Wed, 6 Oct 1999 17:46:38 +1000 (EST)
Cc: madscientist@thegrid.net, freebsd-security@FreeBSD.ORG
In-Reply-To: from "Mike Nowlin" at Oct 6, 99 03:27:26 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Mike Nowlin, sie said:

[...]
> One of the nice things about syslog is that you can have messages go to
> multiple places, although sometimes it takes a little creativity to make
> it work... All of the machines at work log to a common host using
> standard "*.* @1.2.3.4" notation in syslog.conf -- the common host records
> everything to a (really big) disk file, in addition to breaking it down
> depending on syslog facility into separate log files. The
> "/var/log/biglog" that syslog creates has a program running against it
> that does the equivalent of "tail -f", sent over an encrypted socket to
> one of the machines at my home. In addition, the common logger sends all
> the messages out via a serial line to a dumb terminal sitting behind my
> chair - quick viewability (?) to keep track of what's going on, and the
> attached printer lets me grab stuff if I need to. (Two keystrokes to turn
> the printer on/off.)
>
> Along with all of this, the three big machines that I'm really concerned
> about each have a serial line connected to a serial line-buffering
> multiplexer, which is in turn connected to a DOS box that records
> everything they send out. This has been extremely beneficial in the past
> during breakins, etc. where Mr. Intruder thought he'd play it safe by
> wiping the log files -- good luck.... :)
[...]

[shameless plug]
Were you using nsyslogd, you could have the TCP/IP connection and
encryption done using SSL without needing multiple programs. You are
also protected from logfile tampering by message hashing.

Darren
http://coombs.anu.edu.au/~avalon/nsyslog.html
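The "protected from logfile tampering by message hashing" point in Darren's reply, and the wiped-log-files story in Mike's mail, are the part worth seeing concretely. What follows is an added example and not part of this thread; it is not nsyslogd's code and makes no claim about the scheme nsyslogd actually uses. It shows one common way to make a log file tamper-evident: a keyed hash chain, where each record stores an HMAC over the previous record's hash and its own message, plus a verifier that reports the first edited or deleted record and, when given the last hash the collecting host saw, a chopped-off tail. The sample log lines, the key and the function names are all constructed for the example. The key is assumed to live only on the collecting host (the equivalent of Mike's DOS box on the serial multiplexer); if it sits on the monitored machine, whoever roots that machine can simply rebuild the chain.

```python
"""Tamper-evident logging with a keyed hash chain (added example, not nsyslogd code)."""
import hashlib
import hmac

# Constructed sample syslog lines; not taken from the original mail.
SAMPLE_MESSAGES = [
    "Oct  6 00:47:30 host1 sshd[1234]: Accepted password for root from 10.0.0.5 port 41022",
    "Oct  6 00:48:02 host1 su: BAD SU mike to root on /dev/ttyp1",
    "Oct  6 00:48:17 host1 sshd[1240]: Accepted password for root from 10.0.0.5 port 41030",
    "Oct  6 00:49:01 host1 /kernel: pid 1301 (login), uid 0: exited on signal 11",
]

# Hypothetical key: in practice held only by the collecting host, never on the
# machine whose logs an intruder might edit.
CHAIN_KEY = b"example-collector-key-not-for-real-use"

# Fixed starting value so the first record has a previous hash to chain from.
GENESIS = hashlib.sha256(b"log-chain-genesis").hexdigest()


def link_hash(key: bytes, prev_hash: str, message: str) -> str:
    """HMAC-SHA256 over the previous link's hash and the current message."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(prev_hash.encode())
    mac.update(b"\n")  # separator; prev_hash is fixed-length hex, this just keeps it explicit
    mac.update(message.encode())
    return mac.hexdigest()


def append_record(chain: list, message: str, key: bytes) -> str:
    """Append one record of the form '<hash> <message>' and return its hash."""
    prev = chain[-1].split(" ", 1)[0] if chain else GENESIS
    h = link_hash(key, prev, message)
    chain.append(f"{h} {message}")
    return h


def build_chain(messages, key: bytes) -> list:
    """Build a whole chain from an iterable of syslog lines."""
    chain = []
    for m in messages:
        append_record(chain, m, key)
    return chain


def head_hash(chain: list) -> str:
    """The hash of the last record; this is what the remote side should remember."""
    return chain[-1].split(" ", 1)[0] if chain else GENESIS


def verify_chain(chain: list, key: bytes, expected_head: str = None):
    """Return (ok, first_bad_index); first_bad_index is -1 when the chain is intact.

    An edited record, or a record whose predecessor was deleted, fails at the
    position where the recomputed HMAC no longer matches the stored one.
    Deleting records from the tail leaves the remaining chain self-consistent,
    so that case is only caught when expected_head (the last hash the collector
    recorded) is supplied; it is reported as index == len(chain).
    """
    prev = GENESIS
    for i, record in enumerate(chain):
        stored, _, message = record.partition(" ")
        if not hmac.compare_digest(stored, link_hash(key, prev, message)):
            return False, i
        prev = stored
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, -1


def demo() -> dict:
    """Run the intact / edited / deleted / truncated cases and return the verdicts."""
    chain = build_chain(SAMPLE_MESSAGES, CHAIN_KEY)
    head = head_hash(chain)

    edited = list(chain)  # rewrite the BAD SU line to look benign, keep its stored hash
    edited[1] = edited[1].split(" ", 1)[0] + " Oct  6 00:48:02 host1 su: mike to root on /dev/ttyp1"

    deleted = chain[:1] + chain[2:]  # drop the BAD SU record from the middle
    truncated = chain[:-1]           # drop the last record

    return {
        "intact": verify_chain(chain, CHAIN_KEY, head),
        "edited": verify_chain(edited, CHAIN_KEY, head),
        "deleted": verify_chain(deleted, CHAIN_KEY, head),
        "truncated_no_checkpoint": verify_chain(truncated, CHAIN_KEY),
        "truncated_with_checkpoint": verify_chain(truncated, CHAIN_KEY, head),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:28s} ok={verdict[0]} first_bad_index={verdict[1]}")
```

The design point is the last two cases: a hash chain alone only proves internal consistency, so an intruder who simply cuts the file after the last clean line leaves nothing for the verifier to object to. The collector has to keep (or periodically receive out of band) the current head hash, which is exactly the role a separate log host, a serial printer or a dumb terminal plays in Mike's setup.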