From: jadamson@can.eds.com (Adamson, Jason)
To: "'thivars@est.is'", "security@FreeBSD.ORG"
Subject: RE: Where are your logs? Methods of logging?
Date: Fri, 31 Jul 1998 15:18:43 -0400
Message-ID: <01BDBC96.858D7B00@VOY-LAPTOP>
Sender: owner-freebsd-security@FreeBSD.ORG

What about a one-way serial connection from your gateway (or whatever) to your logging machine? This way no one could mess with the connection. Just a thought.

Jason Adamson
EDS Canada
Network Security Administration
jadamson@can.eds.com

-----Original Message-----
From: Þórður Ívarsson [SMTP:totii@est.is]
Sent: Friday, July 31, 1998 8:14 AM
To: security@FreeBSD.ORG
Subject: Where are your logs? Methods of logging?

I notice here on the list that many of us get break-ins and there are no logs available afterwards. After a break-in to one of our systems I installed a system on an old but reliable computer with plenty of disk space for logs. All services not needed are disabled, and a firewall denies everything but incoming logging packets. Now I log everything from every system to that computer, back up the logs every day, and trace them. Is this something that might help us to trace the problems or is this just extra trouble?

Þórður Ívarsson
thivars@est.is

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
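
Added example, not part of either message above: once every machine also logs to a separate log host as described, that copy can be compared with a machine's own log to find entries that were removed locally. It assumes classic BSD syslog lines ("Mmm dd hh:mm:ss host message") carrying the same host name in both copies; the function names and sample lines are constructed for illustration.

```python
from collections import Counter

# Constructed sample data: what the log host recorded ...
CENTRAL = [
    "Jul 31 12:01:02 gw su: alice to root on /dev/ttyp0",
    "Jul 31 12:03:10 gw login: ROOT LOGIN (root) ON ttyp1 FROM 192.0.2.66",
    "Jul 31 12:05:44 www ftpd[211]: connection from 192.0.2.9",
]
# ... and what is left in the gateway's own log file afterwards.
LOCAL_GW = [
    "Jul 31 12:01:02 gw su: alice to root on /dev/ttyp0",
]

def parse(line):
    """Split a syslog line into (timestamp, host, message), or None."""
    line = line.rstrip("\n")
    # Assumption: 15-character timestamp followed by one space.
    if len(line) < 17 or line[15] != " ":
        return None
    host, _, msg = line[16:].partition(" ")
    return line[:15], host, msg

def missing_locally(central_lines, local_lines, host):
    """Return log-host entries for `host` that the host's own log lacks.

    A Counter (not a set) is used so that identical messages logged
    more than once are matched one-for-one.
    """
    local = Counter(p for p in map(parse, local_lines) if p and p[1] == host)
    missing = []
    for line in central_lines:
        p = parse(line)
        if p is None or p[1] != host:
            continue              # other hosts or unparsable lines
        if local[p] > 0:
            local[p] -= 1         # matched one local copy
        else:
            missing.append(line.rstrip("\n"))
    return missing

if __name__ == "__main__":
    for entry in missing_locally(CENTRAL, LOCAL_GW, "gw"):
        print("only on log host:", entry)
```

Entries reported here exist only on the log host, which is the situation the separate machine is meant to expose.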