Honeypots mailing list archives
Send strace output through syslog-ng
From: "BB@umd" <bbenard () umd edu>
Date: Tue, 4 Aug 2009 12:38:09 -0700 (PDT)
Good afternoon.

I have a honeypot which has syslog-ng running. I configured it so that it can send all the log files to a remote web server. (So that means I have already configured syslog-ng on this web server too.) No matter with that, it works great.

Then, on my honeypot, I have a strace command attached to my ssh server. It gathers strace outputs in a strace.log file. Here is this command:

    strace -f -q -p `cat /var/run/sshd.pid` -o /var/log/strace.log &

Now, I would like to send the strace output (/var/log/strace.log) to my server through syslog-ng. So, on my honeypot, I added the following in my syslog-ng.conf in the source section: file ("/var/log/strace.log").

However, now, on the server side, I do not know how to configure syslog-ng in order to retrieve this strace output only. Is there a special filter for strace in syslog-ng? (Usually, for example, I am using "filter { facility(auth);};" to filter auth.log: so is there something similar with strace?)

Regards,
BB

--
View this message in context: http://www.nabble.com/Send-strace-output-through-syslog-ng-tp24814871p24814871.html
Sent from the Honeypots mailing list archive at Nabble.com.
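Added example, not part of the original post or of the replies in this thread: syslog-ng has no strace-specific filter, so one approach is to tag the lines at the file source on the honeypot and match that tag on the server. The source, filter and destination names, the local5 facility, the collector address 192.0.2.10, port 514 and the server-side output path are all assumptions, and the source options used assume a syslog-ng release that supports them.

```conf
# ---------- honeypot (sender) syslog-ng.conf ----------
# strace.log lines carry no syslog header, so do not try to parse one.
# Instead, stamp every line with a fixed program name and facility that
# the collector can filter on. (Names and facility are assumptions.)
source s_strace {
    file("/var/log/strace.log"
         follow_freq(1)                # poll the file for new lines every second
         flags(no-parse)               # treat the whole line as the message body
         program_override("strace")    # sets $PROGRAM for every line read
         default_facility(local5)
         default_priority(info));
};

# Placeholder collector address and port.
destination d_collector { tcp("192.0.2.10" port(514)); };

# Dedicated log path so only the strace source is tagged this way.
log { source(s_strace); destination(d_collector); };

# ---------- server (collector) syslog-ng.conf ----------
source s_net { tcp(ip(0.0.0.0) port(514)); };

# Plays the role facility(auth) plays for auth.log: match the tag set above.
filter f_strace { program("strace") and facility(local5); };

# Assumed output path; create_dirs makes the directory if it is missing.
destination d_strace {
    file("/var/log/honeypot/strace.log" create_dirs(yes));
};

# flags(final) stops matched messages from also landing in other log paths.
log { source(s_net); filter(f_strace); destination(d_strace); flags(final); };
```

Because program("strace") matches whatever a sender claims as its program name, pairing it with a facility that nothing else on the honeypot uses keeps other messages out of the strace file.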
Current thread:
- Send strace output through syslog-ng BB@umd (Aug 04)
- Re: Send strace output through syslog-ng Chris Brenton (Aug 04)
- Re: Send strace output through syslog-ng Gergely Révay (Aug 05)
- Re: Send strace output through syslog-ng BB@umd (Aug 05)