Re: securely access to application logs

From: harv (harvtokyo_at_gmail.com)
Date: 02/17/05

• Next message: Marcin Dobrucki: "Re: Ldap question"
• Previous message: semovrs_at_concord.edu: "Re: send email from an IP that is aliased"
• In reply to: kona_iron_at_yahoo.fr: "securely access to application logs"
• Next in thread: kona_iron_at_yahoo.fr: "Re: securely access to application logs"
• Reply: kona_iron_at_yahoo.fr: "Re: securely access to application logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: 17 Feb 2005 02:00:40 +0100

kona_iron@yahoo.fr wrote:
> Hello,
> We have a lot of Solaris servers with each multiple applications that
> generate application logs.
> Some application logs have to be read by "non privilege" users.
> We can not give direct accesse on these logs. So the idea is to have a
> log server.
> These applications do not use syslog. So it is not easy to export these
> logs to amother servers.
> What do you suggest me ?
> We need a solution as secure as possible. So no NFS or Samba
>
> Thank's a lot for any advices
>
How about using "logger" and sending to a syslog server... bit like this:
logger -p local1.notice -t APPSERV01 -f /path/logfile
should read the file "/path/logfile" line by line and sent it to syslog
with the priority of "local1.notice" and tag with "APPSERV01"
Then setup syslog for remote logging for local1.notice etc.

Might have to get a little more tricky doing something like:

cat <logfile> >> <store log> && logger -p local0.notice -t APPSERV01 -f
<logfile> && cat /dev/nul > <logfile>

Giving you a full set of log on the application server <store log> and a
  running log to send to syslog.

Wack it in cron and your away.

Other possible options I can think of:
Is replacing the application log file with a named pipe and running the
logger command on that.
Or even use scp to go and get the files every 5 mins or so if realtime
is not that important.

-Harv

---

• Next message: Marcin Dobrucki: "Re: Ldap question"
• Previous message: semovrs_at_concord.edu: "Re: send email from an IP that is aliased"
• In reply to: kona_iron_at_yahoo.fr: "securely access to application logs"
• Next in thread: kona_iron_at_yahoo.fr: "Re: securely access to application logs"
• Reply: kona_iron_at_yahoo.fr: "Re: securely access to application logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: Need to implemet Syslog server ... >On my network I need to implement a Syslog server ... Pretty much everything but Windows will ... likely talk to syslog if told to, ... A great many other managed network devices support syslogging, ... (Security-Basics) [HPADM] SUMMARY: syslog redirection ... server is down, entries will be lost. ... Syslog sends over UDP on a "broadcast and forget" concept. ... information that is subject to United States laws and regulations. ... I'm being asked to route syslog messages to a central server. ... (HP-UX-Admin) Re: How to allow port 514? ... a packet filter allows traffic into the server itself. ... If you want to run your syslog on the server you would use a packet filter. ... In ISA Policy Elements, right click Protocol Definitions, ... in Publishing, right click Server ... (microsoft.public.windows.server.sbs) RE: Syslog Server on Debian Etch ... Syslog was working fine on the clients, I had it installed to a diff ... Is anyone else monitoring Juniper Netscreen firewalls? ... Syslog Server on Debian Etch ... (Debian-User) SUMMARY: forwarded syslog messages are missing originating hostname ... I am running Solaris 9 with the latest_recommended. ... to send their syslog messages to a central server, ... as a relay server to forward all syslog messages to a third server. ... originating servers hostname and state that they are only from the relay ... (SunManagers)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Newsgroups  > comp.unix.admin  > 2005-02