[TriLUG] Syslog server

Scott Morris scmorris at ifndef.com
Thu Nov 8 11:10:10 EST 2001


> Anyone have a really good (secure) way to set-up a syslog server, before
> I delve into How-tos and whatnot?  Here's the plan:
> 
> System A reports its logs to System B.
> System B acts as a desktop workstation (though not installed that way)
> already, and reports its own logs via e-mail.
> 
> I want to make sure that I have two separate and distinct logs coming
> from System B: System A's and System B's.
> 

Someone already mentioned that you need a -r for the syslog server.
This is on Linux; Solaris syslog will accept logs from another machine
by default.

Another thing to be aware of, that I ran into on my syslog server:
On your syslog server you want to set the level (*.debug, *.info) to
match the lowest level of the syslog client. If machine A in your example
logs *.info and your syslog server logs a higher level (*.crit for
example), syslogd will discard all lower-level logs from machine A.

Syslog by default isn't secure. If you want to explore that option, I'd
search for syslog on freshmeat.net or something.

You mentioned your syslog server will be emailing its logs.
Here's a nifty little tool that will run through the logs for you
and flag any strange activities or login violations...
http://www.psionic.com/abacus/logcheck


-- 
Scott Morris
scmorris at ifndef.com
Any similarities to reality are purely coincidental.
Get my PGP public key: http://www.sackheads.org/~scmorris/publickey.asc
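
Added illustration, not part of the original post: the level-matching point above, modeled in Python. It decodes the <PRI> prefix of constructed packets from "System A" and applies a simplified syslog.conf-style `facility.level` selector (no `=`, `!`, `none` or alias names; hostnames and messages are made up) to show what a server-side `*.crit` rule would drop.

```python
import re

# Severity names in order of code 0..7 (RFC 3164); PRI = facility * 8 + severity.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
              **{16 + i: f"local{i}" for i in range(8)}}
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(packet):
    """Return (facility, severity) names from the <PRI> prefix of a syslog packet."""
    m = PRI_RE.match(packet)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    return FACILITIES.get(pri >> 3, str(pri >> 3)), SEVERITIES[pri & 7]

def selector_matches(selector, facility, severity):
    """Simplified 'facility.level' match: level means that severity or more urgent."""
    sel_fac, sel_level = selector.split(".", 1)
    if sel_fac not in ("*", facility):
        return False
    # A lower index is more urgent, so '*.crit' only passes crit, alert and emerg.
    return SEVERITIES.index(severity) <= SEVERITIES.index(sel_level)

def kept(selector, packets):
    """Packets the server would write for one selector; the rest are discarded."""
    return [p for p in packets if selector_matches(selector, *decode_pri(p))]

# Constructed packets, as machine A might forward them to the log server.
FROM_A = [
    "<38>Nov  8 11:02:13 systema sshd[412]: Failed password for root from 192.0.2.7",
    "<86>Nov  8 11:02:20 systema login: session opened for user alice",
    "<34>Nov  8 11:03:01 systema su: authentication failure for root",
    "<15>Nov  8 11:03:05 systema myapp: debug trace",
]

if __name__ == "__main__":
    for sel in ("*.crit", "*.info", "*.debug"):
        print(f"{sel:8} keeps {len(kept(sel, FROM_A))} of {len(FROM_A)} packets")
```

With the server at `*.crit`, the failed-login line at auth.info never reaches disk, so a log checker run on the server has nothing to flag.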




