Ah, I see. I didn't read carefully past "stealth mode" it seems. I was thinking of this:

http://www.linuxjournal.com/xstatic/articles/lj/0092/5476/5476s2.html
http://www.linuxjournal.com/article/6222

It's a hidden syslog server that's not attackable by common methods (well except flooding with log messages - hard to eliminate DoS risks with any service). If you snip the send pair in its ethernet cable and hardcode MAC addresses then it's quite a secure log receiver.

On 9/13/05, Bill Nash <billn@billn.net> wrote:
You mean..
Log all activity on the box and forward it off to another device, storing nothing locally?
Declare a source of /dev/log.
Declare a sole udp destination of the IP you want to log to. (I've always liked the idea of a home or office network being logged to the inside NAT broadcast address so any workstation can monitor logging, but I'm weird like that.)
Remove all lines that log to files.
And you're done.
- billn
On Tue, 13 Sep 2005, Albretch Mueller wrote:
Hi *,
I would like for system logs like the ones produced by the kernel, iptable (generally in /var/log/syslog), as well as any other applications running in a Linux-based router to be processed by an ng-syslog client and just popped as UDP packets.
I looked into http://www.campin.net/syslog-ng/faq.html and couldn't see any particular info on this specifically and I also searched http://marc.theaimsgroup.com/?l=syslog-ng for 'stealth' and didn't get any hits (a search on 'UDP' would dump millions of hits on you ;-))
How could you do something like that?
Thanks Albretch
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
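
The steps Bill Nash lists in the thread above (a /dev/log source, a single UDP destination, no file destinations), written out as a syslog-ng configuration. This is an added example, not a configuration posted by anyone in the thread; the collector address 192.0.2.10, port 514, the names s_local and d_collector, and the internal() and /proc/kmsg lines are assumptions.

```conf
# Constructed example, not from the thread.
# 192.0.2.10 is a placeholder (documentation range) for the log collector.

source s_local {
    unix-stream("/dev/log");    # messages from local applications
    internal();                 # syslog-ng's own status messages (assumption)
    # Assumption: kernel/iptables messages reach /dev/log via klogd.
    # If no klogd runs on the router, read them directly instead:
    # file("/proc/kmsg");
};

destination d_collector {
    # The sole destination: plain UDP syslog to the collector.
    # Sending to a broadcast address instead also requires so_broadcast(yes).
    udp("192.0.2.10" port(514));
};

# The only log path. There is deliberately no file() destination,
# so nothing is written to local disk on the router.
log {
    source(s_local);
    destination(d_collector);
};
```

UDP syslog is unauthenticated and unacknowledged, so the router cannot tell whether the collector received a message; a receive-only collector like the one described at the top of the thread depends on exactly that one-way behaviour.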