Ah, I see. I didn't read carefully past "stealth mode" it seems. I was thinking of this:<br>
<br>
<a href="http://www.linuxjournal.com/xstatic/articles/lj/0092/5476/5476s2.html">http://www.linuxjournal.com/xstatic/articles/lj/0092/5476/5476s2.html</a><br>
<br>
<a href="http://www.linuxjournal.com/article/6222">http://www.linuxjournal.com/article/6222</a><br>
<br>
It's a hidden syslog server that's not attackable by common methods
(well except flooding with log messages - hard to eliminate DoS risks
with any service). If you snip the send pair in its ethernet cable and
hardcode MAC addresses then it's quite a secure log receiver.<br><br><div><span class="gmail_quote">On 9/13/05, <b class="gmail_sendername">Bill Nash</b> &lt;<a href="mailto:billn@billn.net">billn@billn.net</a>&gt; wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>You mean..<br><br>Log all activity on the box and forward it off to another device, storing
<br>nothing locally?<br><br>Declare a source of /dev/log.<br><br>Declare a sole udp destination of the IP you want to log to. (I've always<br>liked the idea of a home or office network being logged to the inside NAT<br>broadcast address so any workstation can monitor logging, but I'm weird
<br>like that.)<br><br>Remove all lines that log to files.<br><br>And you're done.<br><br>- billn<br><br>On Tue, 13 Sep 2005, Albretch Mueller wrote:<br><br>> Hi *,<br>><br>> I would like for system logs like the ones produced by the kernel, iptable
<br>> (generally in /var/log/syslog), as well as any other applications running in a<br>> Linux-based router to be processed by an ng-syslog client and just popped as<br>> UDP packets<br>><br>> I looked into
<a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a> and couldn't see any<br>> particular info on this specifically and I also searched<br>> <a href="http://marc.theaimsgroup.com/?l=syslog-ng">
http://marc.theaimsgroup.com/?l=syslog-ng</a> for 'stealth' and didn't get any<br>> hits (a search on 'UDP' would dump millions of hits on you ;-))<br>><br>> How could you do something like that?<br>><br>> Thanks
<br>> Albretch<br>><br>><br>> _______________________________________________<br>> syslog-ng maillist - <a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>> <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>> Frequently asked questions at <a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br>><br>><br><br></blockquote></div><br>
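Added example, not part of the thread or of syslog-ng: a small check that a syslog-ng.conf follows the three steps in the quoted reply (a /dev/log source, a sole UDP destination, no lines that log to files). The sample config, the names s_local and d_loghost, and the address 192.0.2.10 are constructed placeholders, and the regex parser assumes a flat config with no nested braces.

```python
import re

# Constructed sample config (not from the thread); 192.0.2.10 is a placeholder loghost.
SAMPLE_CONF = '''
source s_local { unix-stream("/dev/log"); internal(); };
destination d_loghost { udp("192.0.2.10" port(514)); };
# destination d_messages { file("/var/log/messages"); };  # file line removed
log { source(s_local); destination(d_loghost); };
'''

# Destination drivers that write to the local machine instead of the network.
LOCAL_DRIVERS = {"file", "pipe", "program", "usertty", "unix-stream", "unix-dgram"}

def parse_destinations(conf):
    """Map each destination name to the driver names declared in its block."""
    found = re.findall(r"destination\s+([\w.-]+)\s*\{(.*?)\}\s*;", conf, re.S)
    return {name: re.findall(r"(?:^|;)\s*([\w-]+)\s*\(", body) for name, body in found}

def referenced_destinations(conf):
    """Names of destinations that some log { ... } path actually sends to."""
    names = set()
    for body in re.findall(r"\blog\s*\{(.*?)\}\s*;", conf, re.S):
        names.update(re.findall(r"destination\s*\(\s*([\w.-]+)\s*\)", body))
    return names

def audit(conf):
    """Return findings; an empty list means forward-only with one UDP target."""
    conf = re.sub(r"#.*", "", conf)  # drop comments (assumes no '#' inside strings)
    dests = parse_destinations(conf)
    used = referenced_destinations(conf)
    findings = []
    for name in sorted(used):
        for driver in dests.get(name, []):
            if driver in LOCAL_DRIVERS:
                findings.append(f"{name}: local driver {driver}()")
    udp_in_use = [n for n in used if "udp" in dests.get(n, [])]
    if len(udp_in_use) != 1:
        findings.append(f"expected one UDP destination in use, found {len(udp_in_use)}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "forward-only: OK")
```

Only destinations referenced by a log path are audited, so a leftover but unused file() destination does not raise a finding.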