[syslog-ng] ng-syslog logging in a stealth mode
Jason Haar
Jason.Haar at trimble.co.nz
Tue Sep 13 21:46:49 CEST 2005
I missed the beginning of the thread - but psyslogd may be what you are
after.
It's a sniffer that runs in promiscuous mode and listens exclusively for
UDP syslog packets. It is basically a syslog daemon that doesn't need an
IP address. Perfect to install on IDS servers that are monitoring
traffic from - say - a DMZ. Get the other DMZ hosts to support syslog
and to send their syslog events to 255.255.255.255 - and psyslogd will
catch it. Any hacker won't be able to tell where it is :-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the syslog-ng
mailing list