Kurt Buff wrote:
I've been perusing man syslog and man syslog.conf, and haven't gotten my mind quite wrapped around it yet.
I have 4 FBSD 5.3 servers on my network, each running postfix 2.x. One is a mail gateway to our Exchange server, the others are just using postfix for mailing out the daily/weekly/monthly/security logs, while they perform their other duties.
I want to have the normal logging (in this case /var/log/messages and /var/log/maillog) happen both locally and sent to a remote syslog server.
I haven't yet modified syslog.conf on any of these machines.
Am I correct in believing that all I have to do to make this happen is uncomment the line that says:
#*.* @loghost
and change @loghost to match my syslog server? That is, along with making sure that name resolution works correctly, of course.
On the sending end that's it. On the receiving host you need to make sure syslogd has the correct setting to receive the log packets. There are security upsides and downsides to doing what you propose.
Upside: logs are on a different box - hopefully a secure one - so you have a record of attacks against the other boxes.
Downside: log packets are unencrypted UDP so a black hat may be able to sniff them and learn about system configuration.
In the end I think the upside wins.
John
That's what I needed to hear. I've been aware of the risks for a while - I've got a syslogging client on my Windows servers. I want the centralization - it makes research just that much easier.
Thanks for the help.
Kurt
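
The two sides of the setup discussed in this thread, as an added configuration example that is not part of the original messages. The host name loghost.example.org and the subnet 192.0.2.0/24 are placeholders, and the receiver flags assume FreeBSD's stock syslogd with its default of syslogd_flags="-s".

```conf
# --- Sending hosts: /etc/syslog.conf ---
# The existing local rules stay untouched, so /var/log/messages and
# /var/log/maillog are still written on each box. This extra line sends a
# copy of every message to the remote server as well.
# loghost.example.org is a placeholder; the name must resolve on every sender.
*.*						@loghost.example.org

# --- Receiving host: /etc/rc.conf ---
# The FreeBSD default, syslogd_flags="-s", is secure mode: syslogd does not
# log messages from remote machines. Replacing it with -a accepts syslog
# datagrams (UDP port 514) only from the listed peers, here the senders'
# subnet (placeholder value).
syslogd_flags="-a 192.0.2.0/24"

# The receiver files remote messages using its own /etc/syslog.conf rules,
# so the forwarded logs land in its /var/log/messages, /var/log/maillog, etc.
```

syslogd has to re-read its configuration on the senders and be restarted with the new flags on the receiver before any of this takes effect. Limiting -a to the senders' addresses narrows who can write to the log server, but the traffic itself is still the unencrypted UDP mentioned above.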