Honeypots mailing list archives
Re: Send strace output through syslog-ng
From: Chris Brenton <cbrenton () chrisbrenton org>
Date: Tue, 04 Aug 2009 20:33:20 -0400
Hey man,

On Tue, 2009-08-04 at 12:38 -0700, BB@umd wrote:
> Then, on my honeypot, I have a strace command attached to my ssh server.
> It gathers strace outputs in a strace.log file. Here is this command:
>
>   strace -f -q -p `cat /var/run/sshd.pid` -o /var/log/strace.log &
>
> Now, I would like to send the strace output (/var/log/strace.log) to my
> server through syslog-ng.

What about something like:

  tail -f /var/log/strace.log | logger -p <facility> &

> However, now, on the server side, I do not know how to configure
> syslog-ng in order to retrieve this strace output only.

In the above command you need to specify an unused facility. Then on the server simply tell syslog-ng which file it should use for storing log entries with the above specified facility (this can be a new unique file).

You are supposed to use one of the "local use" facilities for stuff like this, but I run into conflicts far too often. Instead I like to use the facilities "news", "uucp" or similar that I know will never get run on my network. Potential conflict solved. ;-)

HTH,
C
---
www.chrisbrenton.org
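
Added example, not part of the original message or of either poster's configuration: one way the facility-based routing described above could look in syslog-ng on both hosts, assuming the "uucp" facility is chosen. The source, filter and destination names, the output path, the `strace` tag and the 192.0.2.10 server address are placeholders made up for this illustration.

```conf
# ---- Honeypot: syslog-ng.conf fragment (names are hypothetical) ----
# strace output enters the local syslog socket under the unused facility:
#   tail -f /var/log/strace.log | logger -p uucp.info -t strace &
# "uucp.info" and the "strace" tag are choices made for this example.

# Reuse the existing local source if the config already defines one.
source s_local { unix-stream("/dev/log"); internal(); };

# Match only messages carrying the facility reserved for strace output.
filter f_strace { facility(uucp); };

# 192.0.2.10 is a placeholder for the log server's address.
destination d_loghost { udp("192.0.2.10" port(514)); };

log { source(s_local); filter(f_strace); destination(d_loghost); };


# ---- Log server: syslog-ng.conf fragment (names are hypothetical) ----
source s_net { udp(ip(0.0.0.0) port(514)); };

# Same facility as on the honeypot, so nothing else lands in this file.
filter f_strace { facility(uucp); };

# One file per sending host; the directory is created on first write.
destination d_strace {
    file("/var/log/honeypot/strace-$HOST.log" create_dirs(yes));
};

# flags(final) stops further processing, so these entries are not
# duplicated into the server's general log files.
log {
    source(s_net);
    filter(f_strace);
    destination(d_strace);
    flags(final);
};
```
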
Current thread:
- Send strace output through syslog-ng BB@umd (Aug 04)
- Re: Send strace output through syslog-ng Chris Brenton (Aug 04)
- Re: Send strace output through syslog-ng Gergely Révay (Aug 05)
- Re: Send strace output through syslog-ng BB@umd (Aug 05)