Security Basics mailing list archives

Re: Syslog events


From: Nathaniel Hall <halln () otc edu>
Date: Tue, 30 Nov 2004 16:55:31 -0600

I am unsure about file permissions, but I can tell you what we do with our syslog server. We have approximately 70 servers, 15 of which log to the syslog server (all Linux servers and a firewall). To prevent not logging an event we want, we send all syslog messages (*.*) to the logging server. From there, we split the different types of logs into the different files. If you do this, make sure you watch the server load and make sure that messages are not being dropped or lost due to too many messages being sent on a small pipe or on a slow network.

Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln () otc edu
417-447-7535



Juan B wrote:

Hi,

I set up a syslog server on my network.

On the Linux machines I put the line:

security.* @loghost

Now when I issue the command (for example) su - I see an event on the syslog. I want file permissions to be logged in the syslog as well. Also, what do you think I need to log to the syslog on Windows and Linux machines? (Hope it won't kill my syslog.)

Thanks,


                
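The server-side split described in the reply above, sketched as an added example that is not part of the original posts: it decodes the `<PRI>` field of each received message, groups messages into one file name per facility, and counts messages per sending host so volume can be watched. It assumes RFC 3164-style lines; the function names, file names and sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Standard syslog facility codes; PRI = facility * 8 + severity.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              10: "authpriv", 11: "ftp",
              **{16 + n: f"local{n}" for n in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# Layout assumed: <PRI>Mmm dd hh:mm:ss host message
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

def parse(line):
    """Return (facility, severity, host, message), or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is local7.debug = 23 * 8 + 7
        return None
    facility = FACILITIES.get(pri >> 3, f"facility{pri >> 3}")
    return facility, SEVERITIES[pri & 7], m.group(3), m.group(4)

def split_by_facility(lines):
    """Group messages per facility file and count messages per host."""
    files, per_host, rejected = defaultdict(list), Counter(), 0
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            rejected += 1  # malformed input is counted, not silently lost
            continue
        facility, severity, host, msg = parsed
        files[facility + ".log"].append(f"{host} {severity}: {msg}")
        per_host[host] += 1
    return dict(files), per_host, rejected

# Constructed sample input, not taken from the thread.
SAMPLE = [
    "<86>Nov 30 16:40:01 web01 su: (to root) juan on pts/0",        # authpriv.info
    "<38>Nov 30 16:40:07 web01 sshd[211]: Accepted password for juan",  # auth.info
    "<78>Nov 30 16:41:00 db02 crond[77]: (root) CMD (run-parts)",   # cron.info
    "<4>Nov 30 16:41:12 fw01 kernel: IN=eth0 SRC=192.0.2.10 DPT=22",  # kern.warning
    "garbage without a priority field",
]
```

Comparing the per-host counts against what each client believes it sent is one way to notice messages lost in transit.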

