dagmar.wants at nospam.com
Wed Feb 18 02:06:48 PST 2004

On Wed, 2004-02-18 at 02:23, Charles Winebrinner wrote:
> How are you planning on implementing the remote logging? I currently
> have some of my logs sent to another computer on my LAN using syslog,
> but I also know that this method is somewhat insecure. Sending the
> logs to a remote computer without storing them to the local hard drive
> would definitely have its advantages, as long as they are sent in a
> secure manner and the security of the remote computer is also good.

There's nothing severely wrong with using something like FreeS/WAN to
send the data over a VPN tunnel, but there are minor flaws in doing so
and not storing the log data locally... For one, if someone can scramble
the VPN tunnel (not insanely difficult) you'll wind up losing log data
while it's down, and then they can do whatever they want to that host
without you ever finding out.

A somewhat simpler way to reduce the risk of someone gaining access to a
lengthy system activity log is to implement a cron job on your log
collector host, and merely have it scp out the daily log data, and scp
in a marker to let a script on the local host determine whether or not
it's safe to destroy the original. Adjust the period to suit.

Remember, without log data, you can't really detect something that you
would otherwise maybe have wanted to know about, so system logs must be
a _complete_ accounting of activity.

The email address above is phony because my penis is already large enough, kthx.
AIM: evilDagmar Jabber: evilDagmar at jabber.org
More information about the hlfs-dev
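
An added example, not part of the original post: one way the scp-and-marker scheme described above could decide when the original is safe to destroy. It assumes the marker holds a SHA-256 digest of the collected copy (the post does not say what the marker contains); all paths, host names and function names are hypothetical.

```shell
#!/bin/sh
# Added example: marker-gated log pruning. Paths and the marker format
# (a SHA-256 of the collected copy) are assumptions, not from the post.
#
# Collector-side cron job (runs on the log collector: pull, then acknowledge):
#   scp loghost:/var/log/archive/messages.1 /srv/logs/loghost/messages.1
#   write_marker /srv/logs/loghost/messages.1 /tmp/messages.1.collected
#   scp /tmp/messages.1.collected loghost:/var/log/archive/messages.1.collected

file_digest() {
    # Print only the hex digest of a file.
    sha256sum < "$1" | cut -d' ' -f1
}

# Collector side: record the digest of the copy that was actually stored.
# Written via a temp file so a half-written marker is never visible.
write_marker() {
    collected=$1 marker=$2
    file_digest "$collected" > "$marker.tmp" && mv "$marker.tmp" "$marker"
}

# Local host side: destroy the original only if the marker proves the
# collector holds an identical copy. Any doubt keeps the log (fail closed).
# Returns 0 = pruned, 1 = no marker yet, 2 = digest mismatch, 3 = no log.
prune_if_collected() {
    log=$1 marker=$2
    [ -f "$log" ] || return 3
    [ -s "$marker" ] || return 1
    want=$(head -n 1 "$marker")
    have=$(file_digest "$log")
    if [ "$want" != "$have" ]; then
        # Log changed after collection, or the transfer was incomplete.
        return 2
    fi
    rm -f -- "$log" "$marker"
}
```

A non-zero return from prune_if_collected is worth alerting on from the local cron job, since a missing or mismatched marker means the collector does not hold a complete copy.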