[834] in Intrusion Detection Systems

Re: Remote Logging

daemon@ATHENA.MIT.EDU (Gene Spafford)
Mon Jan 6 07:30:59 1997

To: ids@uow.edu.au
In-Reply-To: Message from Mike <cryption@poboxes.com>  of
    "Mon, 02 Dec 1996 21:39:04 -0500"
    <2.2.32.19961203023904.0068cec0@pop3.ziplink.net> 
Date: Sun, 08 Dec 1996 19:47:34 -0500
From: spaf@cs.purdue.edu (Gene Spafford)
Reply-To: ids@uow.edu.au

[ Moderator Note: This message was previously truncated - due to a period `.'
incorrectly placed at the beginning of a line. Computer Risks B) ]

> I caught some of the conversation on audit trails and the likes, and wanted
> to know if anyone knows any FAQ's, web pages, or books..etc, that explain a
> bit on how one could have local log files, and also log the same info
> remotely, making it a great deal harder for an intruder to erase his presence.
> 

Chapter 10 of "Practical Unix & Internet Security" (O'Reilly &
Associates, 1996) contains a fairly full description of the various
log files on most versions of Unix, and about methods of replicating
logs to a printer or remotely.

The rest of the book also provides an in-depth treatment of about
9/10s of the material that seems to get discussed again and again in
these mailing lists.  A lot of things could be answered if people
would simply read their manuals or read the book.

Of course, I am a bit biased -- I did spend almost a year helping to
write the book. :-)

It makes a great Christmas stocking stuffer (if you have big
stockings).  See <http://www.ora.com/item/pus2.html> for more details.

--spaf