[syslog-ng] Controlling Logging to Central Syslog-ng Server, DoS etc

nate nate at campin.net
Fri Sep 22 16:26:15 CEST 2006

On Fri, Sep 22, 2006 at 03:18:50PM +0100, Hari Sekhon wrote:
> After all, you couldn't somebody just write a loop to send garbage to it 
> and fill the whole machine up, not to mention drown out all other valid 
> logs so you miss any important events (oops, I am giving away too much 
> here?). I'm actually tempted to write an attack for this right now...

This is always a risk. It's obvious enough that it's not discussed much.
syslog-ng has tcp wrappers support, and you always have packet

You should certainly block unauthorized IPs, but your authorized IPs are
just as scary as the others. The miscreant will either be an authorized
user or have compromised an authorized account and will flood your
syslog server from there.

If you want to dicuss DoS, come up with a way to deal with that.

"Let us be thankful for the fools. But for them the rest of us could not 
succeed." - Following the Equator, Pudd'nhead Wilson's New Calendar - Samuel Clemens

More information about the syslog-ng mailing list