[syslog-ng] Controlling Logging to Central Syslog-ng Server, DoS etc
hpsekhon at googlemail.com
Fri Sep 22 16:18:50 CEST 2006
What is the best way to control logging to my central log server?
I have read syslog-ng docs quite a lot when I was first setting it up
but I don't recall seeing anything on access control.
Doesn't this leave me open to DoS attacks etc?
After all, you couldn't somebody just write a loop to send garbage to it
and fill the whole machine up, not to mention drown out all other valid
logs so you miss any important events (oops, I am giving away too much
here?). I'm actually tempted to write an attack for this right now...
So what do I do to stop some other person from doing this to me?
I guess I could use iptables to make sure that only authorized ips can
connect to my tcp and udp ports. Is there a better way I haven't thought of?
More information about the syslog-ng