Date: Tue, 24 Oct 2023 19:59:46 +0000
From: void
To: freebsd-security@freebsd.org
Subject: Re: securelevel 1

On Tue, 24 Oct 2023, at 17:45, Cy Schubert wrote:
> What a lot of large enterprises do is send logs off machine. A *.* log to
> @IP or an agent does the same thing. The remote logging server also has
> software to allow one to search the logs for a machine or multiple machines
> allowing one to correlate messages across the network.
>
> For server admins logging into each server individually, correlating logs
> can be time consuming and a little challenging as one must keep a lot of
> information in mind when working with multiple machines. But with logs sent
> to a single server a person can use software designed to correlate logs.

Yes, I'm considering that (remote logging) too.
That's probably the best solution even with only a couple of machines. Thanks everyone
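
The cross-host correlation described in the quoted paragraph, as an added example that is not part of the original thread: it scans a combined log, as a central log server would hold it, for one source address failing sshd logins on several machines within a short window. The host names, addresses, log lines, the 5-minute window and the two-host threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: lines as a central syslogd might store them after
# receiving "*.*" forwards from several hosts (names and IPs are made up).
SAMPLE = """\
Oct 24 17:40:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Oct 24 17:40:09 db1 sshd[402]: Failed password for admin from 203.0.113.7 port 50140 ssh2
Oct 24 17:40:30 web1 sshd[815]: Accepted publickey for void from 198.51.100.4 port 40022 ssh2
Oct 24 17:41:12 mail1 sshd[977]: Failed password for invalid user test from 203.0.113.7 port 50201 ssh2
Oct 24 17:52:00 web1 sshd[901]: Failed password for root from 198.51.100.9 port 41000 ssh2
Oct 24 18:30:00 db1 sshd[450]: Failed password for root from 198.51.100.9 port 41055 ssh2
"""

# Traditional syslog line: timestamp, reporting host, then the sshd message.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<src>\S+) port \d+"
)

def parse(text, year=2023):
    """Yield (timestamp, reporting host, source address) per failed login."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            # Classic syslog timestamps carry no year, so one is assumed.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], m["src"]

def correlate(text, window=timedelta(minutes=5), min_hosts=2):
    """Map each source address to the hosts it failed on within one window."""
    by_src = defaultdict(list)
    for ts, host, src in parse(text):
        by_src[src].append((ts, host))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        # Slide the window start over every event; keep the widest host set.
        for i, (start, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) >= min_hosts and len(hosts) > len(hits.get(src, ())):
                hits[src] = hosts
    return {src: sorted(h) for src, h in hits.items()}

if __name__ == "__main__":
    for src, hosts in correlate(SAMPLE).items():
        print(f"{src} failed logins on {len(hosts)} hosts: {', '.join(hosts)}")
```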