On Sep 20, 2011, [email protected] wrote:

> Just an idea that I've been playing with on and off for a while..
>
> Fwknop functions nicely as a secure method of sending syslog to a
> host across the internet. This could be useful if setting up a
> machine temporarily and needing to send the logs somewhere where
> they couldn't be intercepted. There would still be a problem of a
> party being able to block the packets though, so this would only be
> useful as a way of recording things, rather than to depend on for
> alerting.
>
> Using the cmd feature, I was able to have messages logged into a
> remote system's syslog. Since SPA supports PGP and doesn't require
> an internet-facing host to have any ports open, this could be a
> useful way to transmit live log information that would be protected
> from spoofing or being intercepted en-route.
>
> A fifo and a script with the fwknop client can facilitate
> redirection of syslog from a machine to the receiving host, where
> the messages will end up in that machine's syslog, if the SPA is
> correctly decrypted. There might be a more secure way than fifo
> since all the usual security risks would need to be considered when
> sending to a logfile somewhere.

Interesting idea. When you say that you used the cmd mode, did you somehow encode the syslog data itself within an SPA packet so that it was encrypted en-route? Or was the SPA packet sent in order to open up a syslog listener through an otherwise default drop packet filter, and then the syslog data followed?

Thanks,

--Mike

> I did start putting together some code for this and then got
> distracted/busy...it did seem to be fairly simple to get going but
> probably could be set up in a much more elegant and configurable
> way..
>
> Mart

_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
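
One possible shape for the fifo-and-script arrangement discussed in this thread, as an added example that is not code from either poster or from the fwknop project. It assumes the reading in which each log line travels inside the SPA packet as a command-mode message, that the server permits command execution for this client, and that the client's key material is already configured; the FIFO path, host name, IP address and tag are placeholders. Because the receiving host executes what it decrypts, every line is reduced to an allow-listed character set before it is placed in the command.

```shell
#!/bin/sh
# Added example: relay lines from a FIFO to a remote syslog via fwknop command mode.
# Assumed/constructed values: FIFO path, host name, IP address and tag.
FIFO=/var/run/spa-syslog.fifo     # hypothetical FIFO that local syslog writes to
SPA_SERVER=loghost.example.org    # placeholder SPA server
ALLOW_IP=192.0.2.10               # placeholder source IP (documentation range)
TAG=spa-syslog                    # tag handed to logger on the receiving host
MAX_LEN=200                       # assumed cap so a message fits in one SPA packet
FWKNOP=${FWKNOP:-fwknop}          # override (e.g. FWKNOP=echo) for a dry run

# Map every byte outside a conservative allow-list to "_" and truncate, so a
# log line can never contribute quotes or shell metacharacters.
sanitize_line() {
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9 .,:=_/@+-' '_' | cut -c1-"$MAX_LEN"
}

# Build the command the receiving host will run. The single quotes are safe
# only because sanitize_line has already removed any quote characters.
build_server_cmd() {
    printf "logger -t %s -- '%s'" "$TAG" "$(sanitize_line "$1")"
}

# Read the FIFO line by line and send one SPA packet per log line.
# stdin of fwknop is detached so it cannot consume data from the FIFO.
forward() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        "$FWKNOP" -a "$ALLOW_IP" -D "$SPA_SERVER" \
            --server-cmd "$(build_server_cmd "$line")" </dev/null ||
            echo "fwknop failed for one line" >&2
    done < "$FIFO"
}

# Only start forwarding when invoked as: script run
if [ "${1:-}" = "run" ]; then
    [ -p "$FIFO" ] || { echo "$FIFO is not a FIFO" >&2; exit 1; }
    while :; do forward; done   # reopen the FIFO whenever the writer closes it
fi
```

As the first message notes, packets can still be blocked in transit, so a failed or dropped send here loses that line; the script reports client errors but does not queue or retry.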
