[1941] in linux-security and linux-alert archive


[linux-security] Re: syslogd communication

daemon@ATHENA.MIT.EDU (Wouter Slegers)
Thu Jun 25 08:48:10 1998

Date: Thu, 25 Jun 1998 09:20:09 +0200
From: Wouter Slegers <wouter@stack.nl>
To: Rogier Wolff <R.E.Wolff@BitWizard.nl>, linux-security@redhat.com
In-Reply-To: <199806250534.HAA00966@cave.BitWizard.nl>; from Rogier Wolff on Thu, Jun 25, 1998 at 07:34:40AM +0200
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

Rogier Wolff wrote:
> There have been several replies on the syslogd question. All 2 to 4
> lines long. I therefore gathered them here.
> 
> 				Roger.
Thank you for summarizing them!

One note though: AFAIK, all syslogs use UDP to transmit their messages
to another syslog (port 514 if I'm not mistaken). Although this is
efficient, it also means that delivery of this message is not
ensured. So your remotely gathered syslogs might miss entries (especially
when an attacker uses some network intensive attack).

Although no perfect solution, numbering (and preferably authenticating)
the messages would allow you to at least detect missing messages.
Of course, use of serial lines or other dedicated networks helps,
as well as using ssh to set up a tunnel.

With kind regards,
Wouter Slegers

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null
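The numbering-and-authentication idea from the reply above, worked through as an added example (not code from the list or from any syslogd): each forwarded line carries a sequence number and an HMAC, and the collector reports gaps (lost datagrams) and rejects lines whose MAC does not verify. The `seq|mac|line` wire format, the shared key and the sample log lines are all constructed for this demonstration.

```python
import hashlib
import hmac

# Constructed shared secret between forwarder and collector (demo only).
KEY = b"constructed-demo-key"

def tag(seq, line, key=KEY):
    """HMAC-SHA256 over the sequence number and the log line (hypothetical format)."""
    return hmac.new(key, f"{seq}|{line}".encode(), hashlib.sha256).hexdigest()

def frame(seq, line, key=KEY):
    """Build one forwarded datagram: '<seq>|<mac>|<line>' (hypothetical format)."""
    return f"{seq}|{tag(seq, line, key)}|{line}"

def check_stream(frames, key=KEY):
    """Collector side: returns (accepted lines, gaps, forged count, replayed count).
    Each gap is (first missing seq, last missing seq)."""
    accepted, gaps, forged, replayed = [], [], 0, 0
    expected = None
    for f in frames:
        seq_s, mac, line = f.split("|", 2)
        seq = int(seq_s)
        # Constant-time comparison so MAC checking does not leak timing.
        if not hmac.compare_digest(mac, tag(seq, line, key)):
            forged += 1            # injected or corrupted datagram
            continue
        if expected is not None and seq < expected:
            replayed += 1          # duplicate or replayed datagram
            continue
        if expected is not None and seq > expected:
            gaps.append((expected, seq - 1))   # datagrams lost in transit
        expected = seq + 1
        accepted.append(line)
    return accepted, gaps, forged, replayed

# Constructed sample: frames 3 and 4 are dropped on the wire, one entry is
# injected without a valid MAC, and frame 2 arrives a second time.
SAMPLE = [
    frame(1, "sshd[123]: Accepted publickey for alice"),
    frame(2, "sshd[123]: session opened for user alice"),
    frame(5, "sudo: alice : TTY=pts/0 ; COMMAND=/bin/ls"),
    "6|" + "00" * 32 + "|kernel: injected entry with a bogus MAC",
    frame(6, "cron[77]: (root) CMD (run-parts /etc/cron.hourly)"),
    frame(2, "sshd[123]: session opened for user alice"),
]

if __name__ == "__main__":
    acc, gaps, forged, replayed = check_stream(SAMPLE)
    print(f"accepted={len(acc)} gaps={gaps} forged={forged} replayed={replayed}")
```

Sequence numbers only reveal that messages are missing, not what they said; the reply's other suggestions (a serial line, a dedicated network or an ssh tunnel) address the loss itself.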

