[823] in Intrusion Detection Systems
Re: Remote Logging
daemon@ATHENA.MIT.EDU (IO ERROR)
Fri Dec 27 01:36:35 1996
Date: Tue, 17 Dec 1996 16:56:49 -0600 (CST)
From: IO ERROR <error@error.net>
To: ids@uow.edu.au
In-Reply-To: <199612111236.HAA06095@smooth.internic.net>
Reply-To: ids@uow.edu.au
On Wed, 11 Dec 1996, Allwyn F Crichlow wrote:
> Writing to the "@hostname" sends it to the syslogd of the host specified.
> I haven't tried, but can you have it send to "@hostname" and have it copy to
> a file via /etc/syslogd.conf?
Any BSD-derived syslogd (and most of the rest, I think) is capable of this. My
problem occurred when I discovered that the local University system to which I
was going to do logging had a firewall blocking UDP traffic on port 514
(syslog), which means they can't log to my system either, despite the desire
to do so.
Moral: Check your firewalls and filtering routers, and make sure this traffic
can get through (but that it can't be spoofed).
> % As a bit of help, Solaris's syslogd can very easily log information
> % locally as well as send it to remote machines. The man pages are
> % actually pretty good, believe it or not, but the general idea is that you
> % specify type of message(es) just as normal, but instead of giving it a
> % file name to append to or a username to "write" to, you give it a remote
> % host, with the syntax of "@hostname" and it will send each message of the
> % specified facility.level to that host. That host will then deal with the
> % message according to its own /etc/syslogd.conf file.
--
Michael Hampton Crossroads Communications System Administrator
error@error.net 318 E Burlington, Iowa City, IA 52240 (319) 354-6614
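The thread above describes the BSD-style /etc/syslog.conf selector syntax ("facility.level" followed by a file, a user, or "@hostname") and asks whether one message can go both to a local file and to a remote host. The following is an added example written for this archive page, not code from any poster or from any syslogd: it parses a small constructed syslog.conf, resolves which actions a message of a given facility and level fans out to, and lists the remote hosts that would need UDP/514 reachability. The hostname loghost.example.org and the file paths in the sample config are constructed for the example.

```python
# Added example: parse a BSD-style syslog.conf and show how one message
# fans out to local files and "@hostname" remote destinations.
# Not part of the original mailing-list thread.

# Syslog severities, most severe first. A selector "auth.info" matches
# auth messages whose severity index is <= index("info").
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample config: auth.info goes to a local file AND to a remote
# host, answering the question asked in the thread.
SAMPLE_CONF = """
# constructed example /etc/syslog.conf
*.err;kern.*            /var/log/messages
auth.info               /var/log/authlog
auth.info               @loghost.example.org
*.emerg                 *
"""


def parse_conf(text):
    """Return a list of (selectors, action) rules.

    selectors is a list of (facility, level) tuples; facility may be "*",
    level may be "*", "none", or a name from LEVELS.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)           # selector field, then action
        if len(parts) != 2:
            raise ValueError("malformed syslog.conf line: %r" % raw)
        selector_field, action = parts
        selectors = []
        for sel in selector_field.split(";"):
            facs, _, level = sel.rpartition(".")
            if not facs or (level not in LEVELS and level not in ("*", "none")):
                raise ValueError("bad selector: %r" % sel)
            for fac in facs.split(","):       # "auth,authpriv.info" form
                selectors.append((fac.strip(), level))
        rules.append((selectors, action.strip()))
    return rules


def _selector_matches(selector, facility, level):
    fac, sel_level = selector
    if fac not in ("*", facility):
        return False
    if sel_level == "*":
        return True
    if sel_level == "none":
        return False
    return LEVELS.index(level) <= LEVELS.index(sel_level)


def rule_matches(selectors, facility, level):
    """A rule matches unless a 'none' selector explicitly excludes the facility."""
    if any(fac == facility and lvl == "none" for fac, lvl in selectors):
        return False
    return any(_selector_matches(s, facility, level) for s in selectors)


def actions_for(rules, facility, level):
    """All actions a message of facility.level is delivered to, in config order."""
    return [action for selectors, action in rules
            if rule_matches(selectors, facility, level)]


def classify(action):
    """Action kind as the thread describes them: file, remote host, or user(s)."""
    if action.startswith("@"):
        return "remote"
    if action.startswith("/"):
        return "file"
    if action == "*":
        return "all-users"
    return "users"


def remote_hosts(rules):
    """Hosts that must be reachable on UDP/514 from this machine."""
    return sorted({action[1:] for _, action in rules if action.startswith("@")})


if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for action in actions_for(rules, "auth", "notice"):
        print("auth.notice ->", classify(action), action)
    print("remote destinations needing UDP/514:", remote_hosts(rules))
```

The `remote_hosts` list is the thing to check against your firewall and filtering routers before relying on remote logging: each listed host must accept UDP port 514 from this sender, and the receiving syslogd (or the filter in front of it) should accept syslog datagrams only from the senders you expect, since UDP carries no source authentication.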