[syslog-ng] ng-syslog logging in a stealth mode
Bill Nash
billn at billn.net
Wed Sep 14 03:19:13 CEST 2005
You mean..
Log all activity on the box and forward it off to another device, storing
nothing locally?
Declare a source of /dev/log.
Declare a sole udp destination of the IP you want to log to. (I've always
liked the idea of a home or office network being logged to the inside NAT
broadcast address so any workstation can monitor logging, but I'm weird
like that.)
Remove all lines that log to files.
And you're done.
- billn
On Tue, 13 Sep 2005, Albretch Mueller wrote:
> Hi *,
>
> I would like for system logs like the ones produced by the kernel, iptable
> (generally in /var/log/syslog), as well as anyother applications running in a
> Linux-based router to be processed by an ng-syslog client and just popped as
> UDP packets
>
> I looked into http://www.campin.net/syslog-ng/faq.html and couldn't see any
> particular info on this specifically and I also search
> http://marc.theaimsgroup.com/?l=syslog-ng for 'stealth' and didn't get any
> hits (a search on 'UDP' would dump millions of hits on you ;-))
>
> How could you do something like that?
>
> Thanks
> Albretch
>
>
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
More information about the syslog-ng
mailing list