Just an idea that I've been playing with on and off for a while. Fwknop functions nicely as a secure method of sending syslog to a host across the internet. This could be useful if setting up a machine temporarily and needing to send the logs somewhere where they couldn't be intercepted. There would still be a problem of a party being able to block the packets though, so this would only be useful as a way of recording things, rather than to depend on for alerting.

Using the cmd feature, I was able to have messages logged into a remote system's syslog. Since SPA supports PGP and doesn't require an internet-facing host to have any ports open, this could be a useful way to transmit live log information that would be protected from spoofing or being intercepted en route.

A fifo and a script with the fwknop client can facilitate redirection of syslog from a machine to the receiving host, where the messages will end up in that machine's syslog, if the SPA is correctly decrypted. There might be a more secure way than fifo since all the usual security risks would need to be considered when sending to a logfile somewhere.

I did start putting together some code for this and then got distracted/busy... it did seem to be fairly simple to get going but probably could be set up in a much more elegant and configurable way.

Mart
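
A sketch of the FIFO-plus-client relay described in the post, as an added example that is not the poster's code or part of the fwknop project. It treats each log line as untrusted input, since the line ends up inside a command executed on the receiving host. Assumptions: the FIFO path, host, addresses, logger tag and length cap are placeholders, the client takes the command via `--server-cmd`, and command execution is enabled for this client on the server.

```shell
#!/bin/sh
# Added example: relay syslog lines from a FIFO as fwknop command-mode SPA packets.
# Assumed values (none come from the original post): FIFO path, host, source IP,
# logger tag, length cap. Keys are assumed to come from the fwknop client's own config.
FIFO=${FIFO:-/var/run/spa-syslog.fifo}      # hypothetical FIFO that syslog writes to
SPA_HOST=${SPA_HOST:-loghost.example.org}   # placeholder receiving host
SRC_IP=${SRC_IP:-192.0.2.10}                # placeholder source address
FWKNOP=${FWKNOP:-fwknop}
MAX_LEN=${MAX_LEN:-200}                     # keep the command inside one SPA packet

# The line becomes part of a command executed on the receiver, so reduce it to a
# conservative allow-list: quotes, ;, $, backticks, pipes and newlines all become "_".
sanitize_line() {
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9 .,:=_/@-' '_' | cut -c1-"$MAX_LEN"
}

# Fixed remote command; the only variable part is the single-quoted, sanitized message.
build_remote_cmd() {
    printf "logger -t spa-remote -- '%s'" "$(sanitize_line "$1")"
}

send_line() {
    "$FWKNOP" -D "$SPA_HOST" -a "$SRC_IP" --server-cmd "$(build_remote_cmd "$1")"
}

# Reopen the FIFO whenever the writer closes it; skip empty lines.
forward_fifo() {
    [ -p "$FIFO" ] || { echo "not a FIFO: $FIFO" >&2; return 1; }
    while :; do
        while IFS= read -r line; do
            if [ -n "$line" ]; then send_line "$line"; fi
        done < "$FIFO"
    done
}
# Run with: forward_fifo
```

The allow-list is lossy by design: characters such as brackets in `sshd[123]` arrive as underscores, which keeps the remote command fixed at the cost of exact fidelity.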
