From owner-freebsd-security  Tue Oct  5  7:17:52 1999
Delivered-To: freebsd-security@freebsd.org
Received: from faith.cs.utah.edu (faith.cs.utah.edu [155.99.198.108])
	by hub.freebsd.org (Postfix) with ESMTP id 900CB15217
	for <freebsd-security@FreeBSD.ORG>; Tue,  5 Oct 1999 07:17:39 -0700 (PDT)
	(envelope-from danderse@faith.cs.utah.edu)
Received: (from danderse@localhost)
	by faith.cs.utah.edu (8.9.3/8.9.3) id IAA01309;
	Tue, 5 Oct 1999 08:17:31 -0600 (MDT)
From: David G Andersen <danderse@cs.utah.edu>
Message-Id: <199910051417.IAA01309@faith.cs.utah.edu>
Subject: Re: Syslog over serial
To: rh-skerka@itsec-debis.de (Randolf-Heiko Skerka)
Date: Tue, 5 Oct 1999 08:17:31 -0600 (MDT)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <19991005072724.A9642@merlin.itsec-debis.de> from "Randolf-Heiko Skerka" at Oct 5, 99 07:27:24 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Right.  An alternate way to do this is simply to set it up as a null modem
between the two, and have a logger process on the other end of it.  The
folks at Utah use a setup exactly like this (with cyclades boards) for
monitoring their test network;  works like a charm.

I'm sure that they could be convinced to release the source to 'capture'
if asked nicely. :)  (If someone wants it)

  -Dave

Lo and behold, Randolf-Heiko Skerka once said:
> 
> Well the idea is quite good, but dangerous!
> 
> The intention to send syslog over a serial line is not to have an IP
> connection betwen the sender (normaly a server in a dmz) and a logging host.
> So if you establish a p-t-p IP connection, it's easier to use an ethernet
> wire ... just to keep in mind.
> 
>   Randolf
> 
> -- 
> +------------------------------------------------------------------------+
> | Randolf Skerka                              debis IT Security Services |
> | Tel. +49-228-9841-510                       Rabinstrasse 8, 53111 Bonn |
> |         2 weeks free trial: Security news every day www.dcert.de       |
> +------------------------------------------------------------------------+
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message