> I like doing this, but there are concerns with doing it in anything less
> than a perfectly trusted environment: If your log host is unavailable,
> you're not logging; if malicious listeners are on the LAN, they can see
> everything you log (could be quite useful when scanning or rooting a
> server); if malicious users are on the LAN, they can flood the listening
> syslog server and prevent real logs from getting through.
>
> syslog-ng is supposed to fix a lot of these problems, but I've never
> gotten around to taking a look at it.

Or just grab a bunch of multi-port serial cards from eBay, and set up a log-host using serial links. You can keep the log host disconnected from the net entirely (or more likely, keep its interface un-configured, and bring it up/down manually if you ever need to network). I've got a bunch of serial cards I picked up for about $5 each, just no time to make it go :(

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user