From: Nielsen
Cc: freebsd-security@freebsd.org
Date: Sat, 11 Dec 2004 01:25:58 +0000 (GMT)
Subject: Re: way to duplicate logs?

Bob Ababurko wrote:
> Also, is there a way to make more than one copy of these logs? ... I am
> not sure how this is set up, but I would like to possibly have
> another set of logs in place so if someone is editing them, I can catch
> it. I know there is a chance that I may be overreacting, but just in
> case I want to know.

You can forward them to another machine. Add a line like this to your
syslog.conf:

    *.*    @hostname

And then on the other machine change syslogd to accept (udp log packets)
connections from other machines by removing the '-s' flags.

Of course if someone is really messing around they'll be able to send
bogus logs to your other logging machine too.

Cheers,
Nate
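
Added example, not part of the original message: once logs are forwarded as described above, the two copies can be compared to catch edits on the originating machine. The sample lines and the names normalize/compare are constructed for illustration; the sketch assumes the collector keeps the sender's timestamp and message text and may only record the host name differently.

```python
import re
from collections import Counter

# Classic BSD syslog line: "Mon DD HH:MM:SS host message"
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s+(\S+)\s+(.*)$")

def normalize(line):
    """Return (timestamp, message), or None for a line that is not syslog.
    The host field is dropped: the collector may record it differently."""
    m = LINE.match(line.rstrip("\n"))
    return (m.group(1), m.group(3)) if m else None

def compare(local_lines, remote_lines):
    """Multiset difference of the two log copies, in both directions."""
    local = Counter(filter(None, map(normalize, local_lines)))
    remote = Counter(filter(None, map(normalize, remote_lines)))
    return {
        # On the collector but gone from the origin: deleted or edited locally.
        "missing_locally": sorted((remote - local).elements()),
        # On the origin only: a lost UDP datagram, or a line inserted locally.
        "missing_remotely": sorted((local - remote).elements()),
    }

# Constructed sample data (not real logs). REMOTE is the forwarded copy.
REMOTE = """\
Dec 11 01:02:03 web1.example.org sshd[411]: Failed password for root from 192.0.2.7 port 4022 ssh2
Dec 11 01:02:09 web1.example.org sshd[411]: Accepted password for bob from 192.0.2.7 port 4022 ssh2
Dec 11 01:03:15 web1.example.org su: bob to root on /dev/ttyp0
Dec 11 01:05:00 web1.example.org /usr/sbin/cron[500]: (root) CMD (newsyslog)
"""
# LOCAL is the copy on the originating machine, with two lines removed.
LOCAL = """\
Dec 11 01:02:09 web1 sshd[411]: Accepted password for bob from 192.0.2.7 port 4022 ssh2
Dec 11 01:05:00 web1 /usr/sbin/cron[500]: (root) CMD (newsyslog)
Dec 11 01:06:30 web1 kernel: em0: link state changed to UP
"""

if __name__ == "__main__":
    result = compare(LOCAL.splitlines(), REMOTE.splitlines())
    for kind, entries in result.items():
        for ts, msg in entries:
            print(f"{kind}: {ts} {msg}")
```

A "missing_locally" entry is the signal of interest; since the collector accepts UDP from other machines, its copy can also hold lines the origin never wrote, so treat a mismatch as a prompt to investigate rather than as proof.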