On Sat, 1 Dec 2001, Tony wrote: > > I guess I don't completely understand why you need a JFFS for > something that under normal circumstances, isn't written to > physically. If you have a crash/powerdown situation, with resumtion > of service, you just reload your image and continue to > firewall/route. Would the JFFS be in play to preserve the logs? > If so, wouldn't it be easier/safer/more secure to forward them to an > internal syslog server? >
I like doing this, but there are concerns with doing it in anything less than a perfectly trusted environment: If your log host is unavailable, you're not logging; if malicious listeners are on the LAN, they can see everything you log (could be quite useful when scanning or rooting a server); if malicious users are on the LAN, they can flood the listening syslog server and prevent real logs from getting through. syslog-ng is supposed to fix a lot of these problems, but I've never gotten around to taking a look at it. -- Jack Coates Monkeynoodle: A Scientific Venture... _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user