Date:      Thu, 27 May 1999 09:24:46 +0200
From:      Sheldon Hearn <sheldonh@uunet.co.za>
To:        Martin Kammerhofer <dada@sbox.tu-graz.ac.at>
Cc:        security@FreeBSD.ORG
Subject:   Re: TCP connect data logger 
Message-ID:  <63985.927789886@axl.noc.iafrica.com>
In-Reply-To: Your message of "Wed, 26 May 1999 14:05:14 +0200." <Pine.BSF.3.96.990526135851.8495D-100000@localhost.kfunigraz.ac.at>



On Wed, 26 May 1999 14:05:14 +0200, Martin Kammerhofer wrote:

> Both udp.log_in_vain and tcp.log_in_vain have *no* rate limiting.
> Enabling them can generate huge amounts of LOG_INFO messages during
> port scans.

That's why they're only really useful if syslog is writing their output
away from sensitive filesystems like /var.

There's a lot of material in the archives of this list regarding
suitable alternatives (printers, remote syslogd's, dedicated filesystems
etc.) so there's no need for us to rehash that now. :-)

If I remember correctly, it takes a source hack to get the messages out
of the mainstream on a LOG_LOCAL? facility.

Ciao,
Sheldon.

