From owner-freebsd-security  Sun Feb 18 10:23: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.numachi.com (numachi.numachi.com [198.175.254.2])
	by hub.freebsd.org (Postfix) with SMTP id 5ACEB37B401
	for <freebsd-security@freebsd.org>; Sun, 18 Feb 2001 10:22:58 -0800 (PST)
Received: (qmail 21439 invoked by uid 3001); 18 Feb 2001 18:22:55 -0000
Received: from natto.numachi.com (198.175.254.216)
  by numachi.numachi.com with SMTP; 18 Feb 2001 18:22:55 -0000
Received: (qmail 84728 invoked by uid 1001); 18 Feb 2001 18:22:55 -0000
Date: Sun, 18 Feb 2001 13:22:55 -0500
From: Brian Reichert <reichert@numachi.com>
To: Ragnar Beer <rbeer@uni-goettingen.de>
Cc: freebsd-security@freebsd.org
Subject: Re: Remote logging
Message-ID: <20010218132255.L91352@numachi.com>
References: <p04330104b6b573740812@[192.168.0.98]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <p04330104b6b573740812@[192.168.0.98]>; from rbeer@uni-goettingen.de on Sun, Feb 18, 2001 at 01:46:36PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Feb 18, 2001 at 01:46:36PM +0100, Ragnar Beer wrote:
> Howdy!
> 
> I remember reading about remote logging as a more secure alternative 
> to setting sappnd flags. Can anybody confirm that and could you point 
> me to a howto or so about how it can be done?

What?  Syslog?

Set up a secured box, with syslogd:

  loghost# syslogd -a 192.186/16

Have this machine configured to write many machines' logs into
whatever scheme you find useful for analysis.

Have your other boxes have syslogd configured with something as
simple as:

  *.* @loghost

There are additional steps you can take to keep syslogd immune from
DNS outages; read the manpages.

Make sure all fo your boxes are syncroninzed via NTP.

> 
> Ragnar
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

-- 
Brian 'you Bastard' Reichert		<reichert@numachi.com>
37 Crystal Ave. #303			Daytime number: (603) 434-6842
Derry NH 03038-1713 USA			Intel architecture: the left-hand path


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message