----- Original Message -----
From: Bennett Samowich <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 14, 2000 2:36 PM
Subject: Re: Perl on firewall
<snip>
> As far as interpreting logs, you can use the suggestion of ssh'ing them to
> another system, or have them output to another machine via a serial
> port. I have done this as a demonstration once. We used a 486 as the
> firewall that sent log entries (mostly via syslog) out /dev/ttyXX which was
> connected to another machine that constantly read from its serial port. I
> should also note that this logging server was never attached to the network
> either.
>
This is very easy to do, I have done this sort of thing before in a live
situation (any more details about the setup would probably get my butt
kicked by my last employer ;)

(assuming that you are running Linux - other unix derivatives will
probably need to change the device name)

Edit your /etc/syslog.conf and append this:

    *.* <tabs!!!> /dev/ttyS1

to make everything log out to /dev/ttyS1 (a serial port). This is also
a good thing to output to a tty as well, just change ttyS1 to tty10 or
something. On the receiving end, just cat the receiving serial port,
eg:

    cat /dev/ttyS1

and this will display all the logs that come out of your firewall. If
this doesn't work, you'll have to play around with setserial a bit, but
I didn't have to. To do anything useful with this, you will have to do
something like the following:

    cat /dev/ttyS1 > /some/log/file

or even

    cat /dev/ttyS1 | somelogfilecheckingprogramyouwrote

One more idea would be to stick a multi-port serial card in the logging
box, and have it log all your servers in this way - centralising the
logs. As mentioned above, if this logging station is never connected to
the network, it can never be compromised. You may even want to put in a
'heartbeat' that the logging station catches, and notifies you if it
stops for any reason.

Just a couple of ideas and some know-how for everyone to digest.
Flames more than welcome - I'm in a good mood ;)
---
Joel Michael
System Administrator
Diggy Internet Services
90 Petrie Terrace
Brisbane Qld 4000
Australia
Ph: +61 7 3367 3555
Fax: +61 7 3367 3544
Mob: 0401 039 462
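
The 'heartbeat' idea from the message above, sketched as the log-checking program on the receiving end (an added example, not part of the original post). It assumes a cron job on the firewall runs `logger -t heartbeat alive` every minute; that tag, the 180-second limit and all function names are illustrative.

```python
import os
import select
import sys
import time

# Assumption: a cron job on the firewall runs `logger -t heartbeat alive` every minute.
HEARTBEAT_TAG = "heartbeat: alive"

class HeartbeatWatch:
    def __init__(self, max_silence, now):
        self.max_silence = max_silence  # seconds of silence tolerated
        self.last_beat = now
        self.alarmed = False

    def feed(self, line, now):
        """Return True if the line is a heartbeat (tracked, not stored)."""
        if HEARTBEAT_TAG not in line:
            return False
        self.last_beat, self.alarmed = now, False
        return True

    def check(self, now):
        """Return True once each time the heartbeat becomes overdue."""
        fire = not self.alarmed and now - self.last_beat > self.max_silence
        self.alarmed = self.alarmed or fire
        return fire

def watch(device, logfile, max_silence=180.0):
    """Append log lines from the serial device to logfile; alert on silence."""
    fd = os.open(device, os.O_RDONLY | os.O_NOCTTY)
    state = HeartbeatWatch(max_silence, time.monotonic())
    buf = b""
    with open(logfile, "a") as out:
        while True:
            ready, _, _ = select.select([fd], [], [], 5.0)  # wake even when silent
            if ready:
                chunk = os.read(fd, 4096)
                if not chunk:  # EOF or hangup: do not spin on an empty read
                    time.sleep(1.0)
                *lines, buf = (buf + chunk).split(b"\n")
                for raw in lines:
                    line = raw.decode("ascii", "replace").rstrip("\r")
                    if not state.feed(line, time.monotonic()):
                        out.write(line + "\n")
                out.flush()
            if state.check(time.monotonic()):
                print("ALERT: firewall heartbeat overdue", file=sys.stderr)

if __name__ == "__main__":
    watch(sys.argv[1], sys.argv[2])  # e.g. /dev/ttyS1 /some/log/file
```

Because the alert is driven by the receiver's own clock, it fires whether the firewall crashed, syslogd was stopped or the cable was pulled.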