Re: syslog/postfix question

From: Kurt Buff (kurt.buff_at_gmail.com)
Date: 03/31/05

    Date: Wed, 30 Mar 2005 18:46:18 -0800
    To: John Pettitt <jpp@cloudview.com>, freebsd-questions@freebsd.org
    
    

    John Pettitt wrote:
    >
    > Kurt Buff wrote:
    >
    >
    >>I've been perusing man syslog and man syslog.conf, and haven't gotten
    >>my mind quite wrapped around it yet.
    >>
    >>I have 4 FBSD 5.3 servers on my network, each running postfix 2.x. One
    >>is a mail gateway to our Exchange server, the others are just using
    >>postfix for mailing out the daily/weekly/monthly/security logs, while
    >>they perform their other duties.
    >>
    >>I want to have the normal logging (in this case /var/log/messages and
    >>/var/log/maillog) happen both locally and sent to a remote syslog server.
    >>
    >>I haven't yet modified syslog.conf on any of these machines.
    >>
    >>Am I correct in believing that all I have to do to make this happen is
    >>uncomment the line that says:
    >>
    >>#*.* @loghost
    >>
    >>and change @loghost to match my syslog server? That is, along with
    >>making sure that name resolution works correctly, of course.
    >>
    >>
    >
    > On the sending end that's it. On the receiving host you need to make
    > sure syslogd has the correct setting to receive the log packets. There
    > are security upsides and downsides to doing what you propose.
    >
    > Upside: logs are on a different box - hopefully a secure one - so you
    > have a record of attacks against the other boxes.
    >
    > Downside: log packets are unencrypted UDP so a black hat may be able to
    > sniff them and learn about system configuration.
    >
    > In the end I think the upside wins.
    >
    > John

    That's what I needed to hear. I've been aware of the risks for a while -
    I've got a syslogging client on my Windows servers. I want the
    centralization - it makes research just that much easier.

    Thanks for the help.

    Kurt
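
The setup discussed in this thread, as an added example that is not part of the original messages: the sender keeps its local log files and also forwards a copy to the log host, and the receiver accepts syslog datagrams only from a named subnet. The host name `loghost.example.com`, the 192.0.2.0/24 subnet and the simplified `/var/log/messages` selector are placeholders, and the receiver is assumed to start from FreeBSD's `syslogd_flags="-s"` default.

```conf
# --- Sender: /etc/syslog.conf (each of the postfix machines) ---
# The existing local lines stay, so logging still happens locally.
# (Selector for messages is simplified here; keep what the file already has.)
*.notice;mail.crit                      /var/log/messages
mail.info                               /var/log/maillog

# Forward a copy of everything to the central log host (UDP port 514,
# unencrypted, as noted in the thread).
# Keep this line above any "!program" block, otherwise it only applies
# to messages from that program.
*.*                                     @loghost.example.com

# --- Receiver: /etc/rc.conf (the log host) ---
# With "-s", syslogd ignores everything that arrives from the network:
#   syslogd_flags="-s"
# Replace it with "-a" so that only the listed peers are accepted.
syslogd_flags="-a 192.0.2.0/24"

# --- Apply and check ---
# both:    /etc/rc.d/syslogd restart
# sender:  logger -p mail.info "remote syslog test"
#          The line should appear in /var/log/maillog on the sender and,
#          with a stock syslog.conf on the log host, in its maillog too.
```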

