[1941] in linux-security and linux-alert archive
[linux-security] Re: syslogd communication
daemon@ATHENA.MIT.EDU (Wouter Slegers)
Thu Jun 25 08:48:10 1998
Date: Thu, 25 Jun 1998 09:20:09 +0200
From: Wouter Slegers <wouter@stack.nl>
To: Rogier Wolff <R.E.Wolff@BitWizard.nl>, linux-security@redhat.com
In-Reply-To: <199806250534.HAA00966@cave.BitWizard.nl>; from Rogier Wolff on Thu, Jun 25, 1998 at 07:34:40AM +0200
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
Rogier Wolff wrote:
> There have been several replies on the syslogd question. All 2 to 4
> lines long. I therefore gathered them here.
>
> Roger.
Thank you for summarizing them!
One note though: AFAIK, all syslogs use UDP to transmit their messages
to another syslog (port 514 if I'm not mistaken). Although this is
efficient, it also means that delivery of this message is not
ensured. So your remotely gathered syslogs might miss entries (especially
when an attacker uses some network intensive attack).
Although no perfect solution, numbering (and preferably authenticating)
the messages would allow you to at least detect missing messages.
Of course, use of serial lines or other dedicated networks helps,
as well as using ssh to set up a tunnel.
With kind regards,
Wouter Slegers
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
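A sketch of the numbering-plus-authentication check suggested in the reply above, added here as an example; it is not part of the original post or of any syslog implementation. The `seq|text|mac` line format, the shared key and the sample log lines are assumptions.

```python
import hashlib
import hmac

# Constructed demo key; in practice a per-host secret shared by sender and collector.
KEY = b"demo-shared-secret"


def tag_message(seq: int, text: str, key: bytes = KEY) -> str:
    """Prefix a log line with a sequence number and an HMAC over 'seq|text'."""
    body = f"{seq}|{text}"
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def verify_stream(lines, key: bytes = KEY):
    """Check received lines; return (accepted, gaps, rejected).

    accepted: (seq, text) pairs whose MAC verified
    gaps:     (expected, got) pairs where the sequence jumped (lost, reordered
              or replayed datagrams are all reported here)
    rejected: lines whose MAC did not verify (forged or corrupted in transit)
    """
    accepted, gaps, rejected = [], [], []
    expected = None
    for line in lines:
        body, _, mac = line.rpartition("|")  # text itself may contain '|'
        want = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, want):
            rejected.append(line)
            continue
        seq_str, _, text = body.partition("|")
        seq = int(seq_str)
        if expected is not None and seq != expected:
            gaps.append((expected, seq))
        expected = seq + 1
        accepted.append((seq, text))
    return accepted, gaps, rejected


def demo():
    # Constructed sample: five messages, the third lost in transit, then a forged line.
    sent = [tag_message(i, f"sshd[42]: message {i}") for i in range(1, 6)]
    received = [m for m in sent if not m.startswith("3|")]
    received.append("6|sshd[42]: forged entry|" + "0" * 64)
    return verify_stream(received)


if __name__ == "__main__":
    accepted, gaps, rejected = demo()
    print(f"accepted={len(accepted)} gaps={gaps} rejected={len(rejected)}")
```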