From owner-freebsd-security  Wed Aug 12 08:47:52 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA14196
          for freebsd-security-outgoing; Wed, 12 Aug 1998 08:47:52 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mail.ftf.dk (mail.ftf.dk [129.142.64.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA14176
          for <security@FreeBSD.ORG>; Wed, 12 Aug 1998 08:47:49 -0700 (PDT)
          (envelope-from regnauld@deepo.prosa.dk)
Received: from mail.prosa.dk ([192.168.100.254])
	by mail.ftf.dk (8.8.8/8.8.8/gw-ftf-1.0) with ESMTP id RAA28038;
	Wed, 12 Aug 1998 17:52:36 +0200 (CEST)
	(envelope-from regnauld@deepo.prosa.dk)
Received: from deepo.prosa.dk (deepo.prosa.dk [192.168.100.10])
	by mail.prosa.dk (8.8.8/8.8.5/prosa-1.1) with ESMTP id RAA17000;
	Wed, 12 Aug 1998 17:54:33 +0200 (CEST)
Received: (from regnauld@localhost)
	by deepo.prosa.dk (8.8.8/8.8.5/prosa-1.1) id RAA28043;
	Wed, 12 Aug 1998 17:52:29 +0200 (CEST)
Message-ID: <19980812175228.41295@deepo.prosa.dk>
Date: Wed, 12 Aug 1998 17:52:28 +0200
From: Philippe Regnauld <regnauld@deepo.prosa.dk>
To: Reidar Bratsberg <reidar@ravn.no>
Cc: security@FreeBSD.ORG
Subject: Re: Where are your logs? Methods of logging?
References: <3.0.32.19980731162500.00869ce0@trost.ravn.no>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.88e
In-Reply-To: <3.0.32.19980731162500.00869ce0@trost.ravn.no>; from Reidar Bratsberg on Fri, Jul 31, 1998 at 04:25:00PM +0200
X-Operating-System: FreeBSD 2.2.6-RELEASE i386
Phone: +45 3336 4148
Address: Ahlefeldtsgade 16, 1359 Copenhagen K, Denmark
Organization: PROSA
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

	[catching up on a lot of mail]

Reidar Bratsberg writes:
> 
> Other options: Let syslog log to a serial port, and set up an
> old machine with MS-DOS (or whatever) to receive them.

	As mentioned later, TP with transmit cut doesn't seem to
	work -- to improve on your above solution, put an old DX33
	back to back with the firewall/critical host using PPP or PLIP -- 
	and syslog everyting to that box (run Swatch or Logsurfer
	on it).  It's more complicated than above (and you can't afford to cut 
	the TX wire on the RS-232 with PPP!), but you can eventually do more 
	with that box, like stick a modem on it.

	Think I'll write up something and add it to the security Howto...

-- 
 -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-

               The Internet is busy.  Please try again later.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message