[syslog-ng] ng-syslog logging in a stealth mode
SheBang
infosec at gmail.com
Tue Sep 13 18:20:29 CEST 2005
Great idea, but running in stealth mode isn't a function of syslog-ng, it's
a function of a network capture tool such as tcpdump or ngrep. Use these
tools (or something like them) to capture the traffic and perhaps dump the
syslog contents to a file (need to do a little scripting here perhaps,
though not much) and have syslog-ng read from that file.
On 9/13/05, Albretch Mueller <lbrtchx at hotmail.com> wrote:
>
> Hi *,
>
> I would like for system logs like the ones produced by the kernel, iptable
> (generally in /var/log/syslog), as well as any other applications running in
> a Linux-based router to be processed by an ng-syslog client and just popped
> as UDP packets.
>
> I looked into http://www.campin.net/syslog-ng/faq.html and couldn't see any
> particular info on this specifically and I also searched
> http://marc.theaimsgroup.com/?l=syslog-ng for 'stealth' and didn't get any
> hits (a search on 'UDP' would dump millions of hits on you ;-))
>
> How could you do something like that?
>
> Thanks
> Albretch
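
The "little scripting" step from the reply above, as an added example that is not part of the original thread: it pulls syslog datagrams out of a capture file and appends them to a log file, one message per line. It assumes a classic pcap written by `tcpdump -w` on an Ethernet interface; the function names and the sample capture are constructed for illustration.

```python
import struct
# Assumed capture command (interface and file name are placeholders):
#   tcpdump -i eth1 -w syslog.pcap udp port 514

def syslog_payloads(pcap, port=514):
    """Yield UDP payloads addressed to `port` from a classic Ethernet pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue                      # not IPv4 (VLAN tags and IPv6 are skipped)
        if frame[23] != 17 or struct.unpack("!H", frame[20:22])[0] & 0x3FFF:
            continue                      # not UDP, or an IP fragment
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) >= 8:
            dport, ulen = struct.unpack("!HH", udp[2:6])
            if dport == port:
                yield udp[8:ulen]

def append_to_log(pcap, path):
    """Append each captured message as one line; returns the number written."""
    lines = [m.rstrip(b"\r\n\x00") + b"\n" for m in syslog_payloads(pcap)]
    with open(path, "ab") as out:
        out.writelines(lines)
    return len(lines)

def build_frame(payload, dport):
    """Constructed test frame: Ethernet + IPv4 + UDP, checksums left at zero."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def sample_pcap():
    """Constructed capture: two syslog datagrams and one unrelated UDP packet."""
    frames = [build_frame(b"<4>kernel: IN=eth0 OUT= SRC=198.51.100.7 DPT=22\n", 514),
              build_frame(b"unrelated", 53),
              build_frame(b"<38>sshd[411]: session opened", 514)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

syslog-ng on the capturing host can then pick the messages up by pointing a `file()` source at the output path.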