Hi,

On Mon, Aug 16, 1999 at 11:35:06AM -0400, Jamie Orzechowski wrote:
> Hi there ... I have your AWESOME syslog-ng installed and just have a few questions:
> 1) does it log TCP/UDP ?? .. so I can log port scans and attacks on my machine ...
syslog-ng listens on a UDP or TCP socket to get log messages from the network. It's not a portscan detection tool. For portscan detection you could use tcplogd or ippl.
> 2) I need a config line to send all the logs to another host (I have a backup logging host)
It's not a problem, but the needed source declaration depends on the platform you are running syslog-ng on. On a Linux box all local messages are sent to a UNIX SOCK_STREAM socket named /dev/log. On other operating systems, this can be something else. So to send all messages to another host from a Linux system use:

    source src { unix-stream("/dev/log"); internal(); };
    destination all { udp("xxx.xxx.xxx.xxx"); };
    log { source(src); destination(all); };

Substitute the IP address of your loghost for xxx.xxx.xxx.xxx. You could use a hostname as well, but syslog-ng has to be able to resolve this name upon startup (e.g. you have to include it in your /etc/hosts file).

-- 
Bazsi
PGP info: KeyID 9AF8D0A9  Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
     url: http://www.balabit.hu/pgpkey.txt
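The exchange that configuration sets up, as an added example that is not part of the original message and not syslog-ng's own code: a forwarder builds BSD-syslog-style datagrams (`<PRI>TIMESTAMP HOST TAG: MSG`, the format syslog daemons exchange over udp(514)) and sends them over UDP, and a minimal loghost receiver decodes the PRI byte into facility and severity. It runs on loopback with an OS-chosen port instead of 514 (assumed, so it needs no root), and the log lines are constructed samples. It also shows the two things a backup loghost has to cope with: datagrams with no or a bogus PRI (treated as user.notice, which is what daemons default to), and the fact that plain UDP carries no sender authentication, so anything that can reach the port can inject a line with any facility and hostname it likes.

```python
import socket
import time

# Facility and severity names for PRI = facility * 8 + severity (0..191).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def build_message(facility, severity, host, tag, msg, ts=None):
    """Build the datagram a forwarder sends: <PRI>Mmm dd HH:MM:SS host tag: msg."""
    pri = facility * 8 + severity
    if ts is None:
        t = time.localtime()
        # BSD syslog pads a single-digit day with a space, not a zero.
        ts = time.strftime("%b ", t) + f"{t.tm_mday:2d}" + time.strftime(" %H:%M:%S", t)
    return f"<{pri}>{ts} {host} {tag}: {msg}".encode()


def parse_message(data):
    """Decode a received datagram's <PRI> header into facility/severity.

    A missing or out-of-range PRI is not rejected; the line is kept and
    classified as user.notice, the default syslog daemons assume."""
    text = data.decode("utf-8", errors="replace")
    if text.startswith("<") and ">" in text[:5]:
        pri_str, rest = text[1:].split(">", 1)
        if pri_str.isdigit() and int(pri_str) <= 191:
            pri = int(pri_str)
            return {"facility": FACILITIES[pri // 8],
                    "severity": SEVERITIES[pri % 8],
                    "body": rest}
    return {"facility": "user", "severity": "notice", "body": text}


def exchange(datagrams):
    """Send each datagram to a loghost socket on loopback and return what the
    loghost decoded, in arrival order. The receiver is the udp() destination
    side; the sender is the forwarding box. Port is chosen by the OS (assumed;
    a real loghost listens on 514)."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        loghost = rx.getsockname()
        for d in datagrams:
            tx.sendto(d, loghost)
        received = []
        for _ in datagrams:
            data, peer = rx.recvfrom(65535)
            entry = parse_message(data)
            # The only thing the loghost knows about the sender is the UDP
            # source address, which is trivially spoofable; record it anyway.
            entry["peer"] = peer[0]
            received.append(entry)
        return received
    finally:
        tx.close()
        rx.close()


if __name__ == "__main__":
    # Constructed sample traffic from the forwarding host.
    samples = [
        build_message(4, 6, "jamie-box", "sshd[123]",
                      "Accepted password for jamie from 10.0.0.5 port 3301"),
        build_message(0, 2, "jamie-box", "kernel", "Oops: 0000"),
        b"no PRI at all, some daemon wrote raw text",   # malformed, kept as user.notice
        build_message(10, 1, "not-jamie-box", "forged", "anyone can claim authpriv.alert"),
    ]
    for e in exchange(samples):
        print(f"{e['peer']} {e['facility']}.{e['severity']} {e['body']}")
```

The last sample is the point of the caveat: nothing in the datagram ties the claimed hostname or facility to the real sender, so a backup loghost that accepts udp() from the network should at least filter by source address at the host or firewall, and a tcp() destination/source pair (which syslog-ng also supports, as the reply above notes) avoids silent loss under load, though it still does not authenticate the sender.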