heya, I have a number of different networks under my control and I am sure like many other people on this list, they are not all routable from one to the other. My problem is that I would like to have a central syslog server that all our machines log back to (yes I know there are other architectures I can use to get around this problem but for the moment I want to try to do it like this for some particular reasons). Given that there is no one network that can route to all others or visa versa, I am wondering what type of udp relays people in similar situations use. I should say that on each network there is in effect at least one machine that has visibility of another network, thus meaning you CAN get from one network to another so long as you authenticate to a socks/ firewall first. I have looked about for some good udp relays but I cant really find any. As far as I can tell syslog-ng doesnt support socks so I am looking for alternatives ... regards, -------------------- Benjamin Smee Technical Specialist Optus Business Operations (NAC) "YES" OPTUS ben.smee@optus.net.au Tel: +61-2-93420091 Fax: +61-2-93420998 Perilous to all of us are the devices of an art deeper than we possess ourselves. -- Gandalf the White
On Thu, Nov 15, 2001 at 11:05:31AM +1100, Ben Smee wrote:
heya,
I have a number of different networks under my control and I am sure like many other people on this list, they are not all routable from one to the other. My problem is that I would like to have a central syslog server that all our machines log back to (yes I know there are other architectures I can use to get around this problem but for the moment I want to try to do it like this for some particular reasons). Given that there is no one network that can route to all others or visa versa, I am wondering what type of udp relays people in similar situations use. I should say that on each network there is in effect at least one machine that has visibility of another network, thus meaning you CAN get from one network to another so long as you authenticate to a socks/ firewall first.
I have looked about for some good udp relays but I cant really find any. As far as I can tell syslog-ng doesnt support socks so I am looking for alternatives ...
If you can write a netcat that supports socks, that is one option. Have syslog-ng log to the program, and it can handle socks. I am not all that familiar with SOCKS, but since, from what you say above, it supports UDP then it should be a simple matter to tag each syslog-ng packet with the correct authentication. SSH (the SSH Communications Security Inc version atleast) supports SOCKS, you could have ssh port forward from the loopback device on each loghost. The direction of the ssh connection I leave up to you (there is no reason it couldn't come from your central loghost). I imagine the OpenSSH supports SOCKS as well. The draw back is this would force you to use TCP, not UDP. IPSEC or IPv6 (using the security features) could be using to create a VPN tunnel, or atleast a tunnel for your UDP traffic. IPSEC ships with most OSes these days (if not as feature rich as you want, it should atleast get the job done). There is also an IPv6 tunnel program called 6tunnel (I think that is what its called). The latter doesn't address your SOCKS concerns, but is frankly a supperior solution than SOCKS (stong cryptography on each packet and content encryption). Alas that doesn't help you if the box(es) running SOCKS don't support IPSEC or IPv6. :) I imagine there is something that could be done with SSL, but I hate SSL I have never really explored that option. Anyone know if stunnel or sslwrap supports SOCKS? ---------------------------------------------------------------------------- __o Bradley Arlt Email: arlt@cpsc.ucalgary.ca o__ _ \<_ WWW: www.acs.ucalgary.ca/~bdarlt _>/ _ (_)/(_) -Eat well, sleep peacefully, drink lots, and ride like hell. (_)\(_)
participants (2)
-
Ben Smee
-
Brad Arlt