13 Sep 2005, 9:46 p.m.
I missed the beginning of the thread - but psyslogd may be what you are after. It's a sniffer that runs in promiscuous mode and listens exclusively for UDP syslog packets. It is basically a syslog daemon that doesn't need an IP address. Perfect to install on IDS servers that are monitoring traffic from - say - a DMZ. Get the other DMZ hosts to support syslog and to send their syslog events to 255.255.255.255 - and psyslogd will catch it. Any hacker won't be able to tell where it is :-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
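An added illustration, not part of the original post and not psyslogd's own code: the per-frame filtering a passive syslog collector has to do once it has a raw Ethernet frame from a promiscuous interface. It assumes untagged Ethernet II framing and the standard syslog UDP port 514; `build_frame`, `parse_syslog_frame` and the sample frame are constructed for this example.

```python
import re
import struct

SYSLOG_PORT = 514  # standard UDP syslog port (assumed here)

def build_frame(src_ip, dst_ip, payload, dport=SYSLOG_PORT):
    """Construct a sample Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + udp

def parse_syslog_frame(frame):
    """Return a dict for a UDP syslog frame, or None for anything else."""
    if len(frame) < 14 + 20 + 8 or frame[12:14] != b"\x08\x00":
        return None                          # too short, or not IPv4
    ihl = (frame[14] & 0x0F) * 4             # IP header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:
        return None                          # malformed header, or not UDP
    if struct.unpack("!H", frame[20:22])[0] & 0x3FFF:
        return None                          # fragment: no reassembly here
    udp_off = 14 + ihl
    if len(frame) < udp_off + 8:
        return None
    _, dport, ulen, _ = struct.unpack("!HHHH", frame[udp_off:udp_off + 8])
    if dport != SYSLOG_PORT or ulen < 8:
        return None
    msg = frame[udp_off + 8:udp_off + ulen].decode("utf-8", "replace")
    facility = severity = None
    m = re.match(r"<([0-9]{1,3})>", msg)     # PRI = facility * 8 + severity
    if m and int(m.group(1)) <= 191:
        pri = int(m.group(1))
        facility, severity, msg = pri >> 3, pri & 7, msg[m.end():]
    return {"src": ".".join(map(str, frame[26:30])),
            "dst": ".".join(map(str, frame[30:34])),
            "facility": facility, "severity": severity, "msg": msg}

# Constructed sample: a DMZ host logging to the limited broadcast address.
SAMPLE = build_frame("192.0.2.10", "255.255.255.255",
                     b"<34>Oct 11 22:14:15 web1 su: auth failure for root")

if __name__ == "__main__":
    print(parse_syslog_frame(SAMPLE))
```

The source address is taken from the IP header of the captured frame, and plain UDP syslog does not authenticate it, so records collected this way should be treated as unauthenticated.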