Date:      Wed, 30 Mar 2005 18:46:18 -0800
From:      Kurt Buff <kurt.buff@gmail.com>
To:        John Pettitt <jpp@cloudview.com>, freebsd-questions@freebsd.org
Subject:   Re: syslog/postfix question
Message-ID:  <424B647A.1040705@gmail.com>
In-Reply-To: <424B5FC6.5080803@cloudview.com>
References:  <424B5D56.20104@spro.net> <424B5FC6.5080803@cloudview.com>

John Pettitt wrote:
> 
> Kurt Buff wrote:
> 
> 
>>I've been perusing man syslog and man syslog.conf, and haven't gotten
>>my mind quite wrapped around it yet.
>>
>>I have 4 FBSD 5.3 servers on my network, each running postfix 2.x. One
>>is a mail gateway to our Exchange server, the others are just using
>>postfix for mailing out the daily/weekly/monthly/security logs, while
>>they perform their other duties.
>>
>>I want to have the normal logging (in this case /var/log/messages and
>>/var/log/maillog) happen both locally and sent to a remote syslog server.
>>
>>I haven't yet modified syslog.conf on any of these machines.
>>
>>Am I correct in believing that all I have to do to make this happen is
>>uncomment the line that says:
>>
>>#*.*                        @loghost
>>
>>and change @loghost to match my syslog server? That is, along with
>>making sure that name resolution works correctly, of course.
>>
>>
> 
> On the sending end that's it.  On the receiving host you need to make
> sure syslogd has the correct setting to receive the log packets.   There
> are security upsides and downsides to doing what you propose.
> 
> Upside: logs are on a different box - hopefully a secure one - so you
> have a record of attacks against the other boxes.
> 
> Downside: log packets are unencrypted UDP so a black hat may be able to
> sniff them and learn about system configuration.
> 
> In the end I think the upside wins.
> 
> John

That's what I needed to hear. I've been aware of the risks for a while - 
I've got a syslogging client on my Windows servers. I want the 
centralization - it makes research just that much easier.

Thanks for the help.

Kurt
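The two halves of the exchange above, modelled as an added example (not code from the list or from FreeBSD's syslogd): a receiver that, like syslogd's `-a allowed_peer` option, only accepts datagrams from listed peers, splits the RFC 3164 `<PRI>` prefix into facility and severity, and evaluates a syslog.conf selector such as the `*.*` line being uncommented on the senders. The selector logic is a simplified model of syslogd's "last selector naming a facility wins" rule and supports `*`, `none`, a plain level and `=level`; the sample packets and addresses are constructed.

```python
import ipaddress
import re

# Codes from RFC 3164 / <sys/syslog.h>; PRI = facility * 8 + severity.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
              **{16 + i: "local%d" % i for i in range(8)}}
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def parse_pri(packet):
    """Return (facility, severity, rest) for an RFC 3164 datagram payload."""
    m = PRI_RE.match(packet)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> prefix")
    fac, sev = divmod(int(m.group(1)), 8)
    return FACILITIES.get(fac, "facility%d" % fac), SEVERITIES[sev], m.group(2)


def selector_matches(selector, facility, severity):
    """Evaluate a syslog.conf selector ('*.*', 'mail.info', '*.notice;mail.none')
    against one message. A level matches that severity and everything more
    severe; later parts override earlier ones for the facilities they name."""
    sev_code = SEVERITIES.index(severity)
    matched = False
    for part in selector.split(";"):
        facs, _, level = part.strip().rpartition(".")
        fac_list = [f.strip() for f in facs.split(",")]
        if "*" not in fac_list and facility not in fac_list:
            continue
        if level == "none":
            matched = False
        elif level == "*":
            matched = True
        elif level.startswith("="):
            matched = sev_code == SEVERITIES.index(level[1:])
        else:
            matched = sev_code <= SEVERITIES.index(level)
    return matched


def peer_allowed(source_ip, allowed_peers):
    """Mimic syslogd -a: accept only from a listed address or CIDR network."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in allowed_peers)


def receive(source_ip, packet, allowed_peers, selector):
    """Receiver decision: None if dropped, else (facility, severity, text)."""
    if not peer_allowed(source_ip, allowed_peers):
        return None
    facility, severity, text = parse_pri(packet)
    return (facility, severity, text) if selector_matches(selector, facility, severity) else None
```

With a sender line of `*.* @loghost` every message is forwarded, so the receiver's selector and peer list are the only filters; the peer list is the check the reply says the receiving host must have.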



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?424B647A.1040705>