[TriLUG] Syslog.conf help
bp
bpevans at bellsouth.net
Fri Jun 20 09:25:29 EDT 2003
Jon Carnes wrote:
>On Thu, 2003-06-19 at 22:00, bp wrote:
>
>
>>I've been at google and the man pages some but still don't quite see
>>what I'm looking for.
>>
>>I have a WAP that can send its logs to a remote loghost. I'd like to
>>set up my Linux box to accept these log messages and store them in
>>/var/log/apmessages. I think I can config syslog.conf to do all this,
>>just haven't found the how yet.
>>
>>Anyone have a good primer or such a config or a good HOW-TO page?
>>
>>-bp
>>
>>
>>
>
>The syslogd daemon can be started with the "-r" option which tells the
>daemon to listen for incoming syslog messages. The port it listens on is
>514 and the protocol it accepts is UDP.
>http://www.linuxsecurity.com/feature_stories/feature_story-138.html
>
>
>Explanation of Remote Syslog
>http://www.cse.msu.edu/~westrant/symlink/pages/HoneynetDocs/remote-syslog.htm
>
>
>Complete Reference Guide to Creating a Remote Log Server
>http://www.linuxsecurity.com/feature_stories/feature_story-64.html
>
Thanks Jon!
It's accepting logs now! I see my AP dropping in three entries:
Jun 20 09:10:29 Itchy sshd(pam_unix)[12392]: session opened for user root by (uid=0)
Jun 20 09:12:18 192.168.0.254 Wireless PC Connected Mac: 00-06-25-28-65-d6
Jun 20 09:12:21 host254-null.null.bellsouth.net System Start
Jun 20 09:12:22 192.168.0.254 Wireless PC Connected Mac: 00-06-25-28-65-d6
I've read the three links you sent but didn't see a way I could set up
syslog.conf to filter all these AP requests to a file of my choice, say
/var/log/apmessages? Any help there?
Also, I see my AP has the option to enable|disable SSID broadcasts. How
much less secure is it to enable SSID broadcast (fyi: factory default to enable?)
Thanks. -bp
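
What the "-r" listener described in the quoted reply receives on UDP port 514, as an added example that is not part of the original thread: a small Python receiver that decodes the `<PRI>` prefix of each datagram into facility and severity and sorts messages by sender address. The AP address and file name are taken from the post; the function names, the sample datagram and its PRI value are constructed for illustration.

```python
import re
import socket
import time

AP_SOURCES = {"192.168.0.254"}   # assumption: AP address as seen in the post's log lines
AP_LOG = "/var/log/apmessages"   # destination file the post asks for
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")
# Constructed sample datagram; the PRI value 134 (local0.info) is an assumption.
SAMPLE = b"<134>Wireless PC Connected Mac: 00-06-25-28-65-d6"


def parse_pri(datagram):
    """Return (facility, severity, text) for one BSD-syslog datagram."""
    m = PRI_RE.match(datagram)
    pri = int(m.group(1)) if m else 13          # no PRI: treat as user.notice
    if pri > 191:                               # out of range: keep the raw text
        pri, m = 13, None
    body = datagram[m.end():] if m else datagram
    text = body.decode("utf-8", "replace").strip()
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text


def route(src_ip, datagram):
    """Pick the output file by sender address; None means 'not from the AP'."""
    facility, severity, text = parse_pri(datagram)
    line = "%s %s.%s %s" % (src_ip, facility, severity, text)
    return (AP_LOG if src_ip in AP_SOURCES else None), line


def serve(bind_addr="0.0.0.0", port=514):
    """Receive loop. Port 514 needs root and must not already be held by syslogd -r."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        datagram, (src_ip, _port) = sock.recvfrom(2048)
        path, line = route(src_ip, datagram)
        if path:                                # UDP source addresses can be forged,
            with open(path, "a") as fh:         # so this is sorting, not authentication
                fh.write(time.strftime("%b %d %H:%M:%S ") + line + "\n")


if __name__ == "__main__":
    serve()
```

The facility and severity decoded here are the same two values that syslog.conf selectors match on.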