[805] in Intrusion Detection Systems
Re: Remote Logging
daemon@ATHENA.MIT.EDU (Al Venz)
Wed Dec 11 03:17:27 1996
Date: Thu, 5 Dec 1996 11:54:13 -0600 (CST)
From: Al Venz <venz@psa.pencom.com>
To: ids@uow.edu.au
In-Reply-To: <2.2.32.19961203023904.0068cec0@pop3.ziplink.net>
Reply-To: ids@uow.edu.au
Hi Micheal,
As a bit of help, Solaris's syslogd can very easily log information
locally as well as send it to remote machines. The man pages are
actually pretty good, believe it or not, but the general idea is that you
specify the type of message(s) just as normal, but instead of giving it a
file name to append to or a username to "write" to, you give it a remote
host, with the syntax of "@hostname", and it will send each message of the
specified facility.level to that host. That host will then deal with the
message according to its own /etc/syslogd.conf file.
Good luck!
Al
On Mon, 2 Dec 1996, Mike wrote:
> I caught some of the conversation on audit trails and the likes, and wanted
> to know if anyone knows any FAQs, web pages, or books, etc., that explain a
> bit on how one could have local log files, and also log the same info
> remotely, making it a great deal harder for an intruder to erase his prescense