[TriLUG] Syslog server
Thu, 8 Nov 2001 10:10:10 -0600 (CST)
> Anyone have a really good (secure) way to set-up a syslog server, before
> I delve into How-tos and whatnot? Here's the plan:
> System A reports its logs to System B.
> System B acts as a desktop workstation (though not installed that way)
> already, and reports its own logs via e-mail.
> I want to make sure that I have two separate and distinct logs coming
> from System B: System A's and System B's.
Someone already mentioned that you need a -r for the syslog server.
This is on Linux; Solaris syslog will accept logs from another machine.
Another thing to be aware of, that I ran into on my syslog server:
On your syslog server you want to set the level (*.debug, *.info) to
match the lowest level of the syslog client. If machine A in your example
logs *.info and your syslog server logs a higher level (*.crit for
example), syslogd will discard all lower level logs from machine A.
Syslog by default isn't secure. If you want to explore that option I'd
search for syslog on freshmeat.net or something.
You mentioned your syslog server will be emailing its logs.
Here's a nifty little tool that will run through the logs for you
and flag any strange activities or login violations...
Any similarities to reality are purely coincidental.
Get my PGP public key: http://www.sackheads.org/~scmorris/publickey.asc
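
The level mismatch described in the message above, as an added example that is not part of the original post: each forwarded message carries a <PRI> header (facility * 8 + severity), and the receiving syslogd applies its own syslog.conf selectors to it. The selector matcher is a simplified subset of the syntax, and the sample datagrams and function names are constructed for illustration.

```python
import re

# Severity and facility names indexed by their numeric syslog codes.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp", "f12", "f13", "f14", "f15"]
              + ["local%d" % n for n in range(8)])

def decode_pri(datagram):
    """Split the leading <PRI> of a forwarded message into (facility, severity)."""
    m = re.match(r"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid <PRI> header")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def selector_matches(selector, facility, severity):
    """Subset of syslog.conf syntax: 'fac[,fac].level' with '*' and 'none'."""
    facs, level = selector.rsplit(".", 1)
    if facs != "*" and facility not in facs.split(","):
        return False
    if level == "none":
        return False
    if level == "*":
        return True
    # Lower number = more severe; a rule selects its level and everything above.
    return SEVERITIES.index(severity) <= SEVERITIES.index(level)

def server_keeps(selector, datagrams):
    """Return the datagrams a server rule with this selector would write out."""
    return [d for d in datagrams if selector_matches(selector, *decode_pri(d))]

# Constructed sample datagrams such as System A might forward to System B.
SAMPLE = [
    "<14>systemA app: service started",        # user.info
    "<38>systemA login: session opened",       # auth.info
    "<11>systemA app: write failed",           # user.err
    "<34>systemA su: authentication failure",  # auth.crit
    "<15>systemA app: cache miss",             # user.debug
]

if __name__ == "__main__":
    for rule in ("*.crit", "*.info", "*.debug"):
        kept = server_keeps(rule, SAMPLE)
        print("%-8s keeps %d of %d" % (rule, len(kept), len(SAMPLE)))
```

A server rule of *.crit keeps only the auth.crit line, so a client that forwards *.info loses everything below crit at the collector.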