Sunday, June 15, 2008

Logging on a remote server with syslog

Hi, logging to a remote host is a good security feature, because an attacker would also need access to that host to delete the logs, and this adds another security layer to the architecture you build.

Linux logging facilities are managed mostly by the syslog daemon. Syslog uses the configuration file /etc/syslog.conf to decide where to log each system message.

If you want to log to a remote host, add this line to syslog.conf:

auth.*;authpriv.*    @192.168.100.7

The syslog daemon must be running on the 192.168.100.7 host, and it must also be listening for messages that come from the network. It is important to know that this feature is "off" by default. You have to start syslog with the "-r" argument to enable it.

To force syslog to re-read syslog.conf, send a SIGHUP signal to syslog.
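
To confirm that the rule really forwards the facilities you care about, here is an added example (not part of the original post) that lists the remote-forwarding rules in a syslog.conf and checks whether a facility is covered. The function names and the sample configuration are constructed for illustration, and the parsing assumes sysklogd-style lines where the selector list is one whitespace-free field.

```shell
#!/bin/sh
# Added example: audit syslog.conf for rules that forward to a remote host.
# Assumption: lines look like "<selector>[;<selector>...] <action>" and an
# action starting with "@" names the remote log host.

# Print "<selector-list> <host>" for each remote rule in file $1 ("-" = stdin).
remote_log_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments, blank lines
        $2 ~ /^@/ { print $1, substr($2, 2) }    # action field must be @host
    ' "$1"
}

# Succeed if facility $2 is sent to a remote host by some rule in file $1.
# Within one rule, later selectors override earlier ones, so
# "*.*;auth.none" forwards everything except auth.
forwards_facility() {
    remote_log_rules "$1" | awk -v fac="$2" '
        {
            hit = 0
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++) {
                split(sel[i], part, "[.]")       # facility-list . priority
                m = split(part[1], f, ",")
                for (j = 1; j <= m; j++)
                    if (f[j] == fac || f[j] == "*")
                        hit = (part[2] != "none")
            }
            if (hit) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample configuration (not taken from a real host).
sample_conf() {
    cat <<'EOF'
# keep a local copy of general messages
*.info;mail.none;authpriv.none    /var/log/messages
auth.*;authpriv.*                 @192.168.100.7
EOF
}

# Demo on the sample; pass /etc/syslog.conf instead of "-" on a real host.
sample_conf | remote_log_rules -
```

A selector list broken by a space (for example after the semicolon) pushes "@host" out of the action field, so such a line is not reported as a remote rule.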

Happy logging !

1 comment:

Charanjit Cheema said...

Great information, thanks. I was searching for this syslog method. Thanks...

RGD
Charanjit Cheema