[syslog-ng] Controlling Logging to Central Syslog-ng Server, DoS etc

Hari Sekhon hpsekhon at googlemail.com
Fri Sep 22 16:18:50 CEST 2006

Hi all,

What is the best way to control logging to my central log server?

I have read syslog-ng docs quite a lot when I was first setting it up 
but I don't recall seeing anything on access control.

Doesn't this leave me open to DoS attacks etc?

After all, you couldn't somebody just write a loop to send garbage to it 
and fill the whole machine up, not to mention drown out all other valid 
logs so you miss any important events (oops, I am giving away too much 
here?). I'm actually tempted to write an attack for this right now...

So what do I do to stop some other person from doing this to me?
I guess I could use iptables to make sure that only authorized ips can 
connect to my tcp and udp ports. Is there a better way I haven't thought of?


Hari Sekhon

More information about the syslog-ng mailing list