from the secret journal of Andy Bastien ([EMAIL PROTECTED]): > > Another technique is to use a separate logging server which has the > transmit leads on it's ethernet connection snipped. It's capable of > receiving (via UDP only, since it can't ACK!) log entries, but it's > virtually impossible to start an interactive session remotely to shut > it down or otherwise interfere with it. It's possible to attack the
It also can't arp. You'll need to prime the arp cache from a file for every host that needs immutable logs. Have you tried this? I wonder if you'll even get a link light. A syslog that strips formfeeds and line feeds attached to a printer is a little better, but I haven't found an efficient way to egrep with my eyes. -- Jacob Kuntz [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] http://underworld.net/~jake