On Sat, 23 Nov 2024 06:31:32 +0000
Van Ly <[email protected]> wrote:

> 
> Sad Clouds <[email protected]> writes:
> 
> > I was thinking of copying logs via ssh to a central storage,
> 
> You could write logs on an imported nfs mount that is encrypted through
> a tunnel.
> 
> -- 
> vl

Hi, I've thought about it, but SSH with keys or syslog via TLS would
probably be simpler and more secure.

I'm learning how to set up email alerts for different scenarios. One of
them may look something like this:

           Internet
              |
VM1---+       |        +--- Web
VM2---|--- Firewall ---|--- Mail
VM3---+                +--- DNS

<-LAN->                <---DMZ--->

VMs are on a secure LAN and have no access to the Internet. Each VM
would probably need to relay local mail through the Mail gateway in
DMZ. Only authenticated VMs should be able to do that, so perhaps I
would need to filter access based on IP addresses, or use SASL
authentication. SASL would be better, as it may be more robust and is
not impacted by dynamic/changing IP addresses/subnets, etc.
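
The two relay-control options weighed above, shown side by side as an added example that is not part of the original message. It assumes Postfix on both the DMZ gateway and the VMs (the message names no MTA); the host name, subnet, account name and file paths are constructed placeholders.

```conf
# ---- Mail gateway in the DMZ: /etc/postfix/main.cf (fragment) ----

# Option 1, address-based trust (shown commented out). Any host that
# holds an address in the listed range may relay, and the list has to
# be edited whenever the LAN subnets change.
#mynetworks = 127.0.0.0/8, 192.0.2.0/24
#smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

# Option 2, SASL: only the gateway itself is trusted by address;
# every VM has to authenticate before it may relay.
mynetworks = 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# Offer AUTH only after STARTTLS so credentials never cross the
# firewall in clear text.
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
# Placeholder certificate and key paths.
smtpd_tls_cert_file = /etc/postfix/tls/gateway-cert.pem
smtpd_tls_key_file = /etc/postfix/tls/gateway-key.pem
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
# The SASL backend (smtpd_sasl_type / smtpd_sasl_path) is site-specific
# and left at its default here.

# ---- Each LAN VM: /etc/postfix/main.cf (fragment) ----

# Brackets suppress the MX lookup; the VMs have no Internet DNS.
relayhost = [mail.dmz.example]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# Refuse to send, and so refuse to authenticate, without TLS.
smtp_tls_security_level = encrypt

# ---- Each LAN VM: /etc/postfix/sasl_passwd (mode 0600) ----
# The lookup key must match relayhost exactly. One account per VM, so
# a single VM's credential can be revoked on its own.
#   [mail.dmz.example]    vm1:CONSTRUCTED-PLACEHOLDER-PASSWORD
# Rebuild the lookup table after editing:
#   postmap /etc/postfix/sasl_passwd
```

With option 2 the firewall rule from LAN to DMZ only needs to pass SMTP to the gateway; which sender is allowed to relay is decided by the credential, not by the source address.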
