RE: Syslog over Internet

["DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>]

Not a very good idea for two reasons;

1)  You could get syslog bombed - a form of DoS.
2)  Sensitive information, like IP addresses and DNS (machine)names, are
listed in Syslog.
3)  I, and others will agree, that security information should stay within
the company for many reasons such as confidentiality, easier to access,
validity of the logs, and etc.

If you have to absolutely do this; make sure to either encrypt the logs or
send it over an encrypted tunnel and make sure to hash the logs.  However,
personally, I would keep this inside or at the very least, to a vendor over
an extranet line.


Regards,

Greg DeGennaro Jr., CCNP
Security Analyst


-----Original Message-----
From: Vineet Mehta [mailto:vineet () linux com kw] 
Sent: Monday, August 18, 2003 8:00 AM
To: security-basics () securityfocus com
Subject: Syslog over Internet

I have hired a server located in a different country. I heard that its
better to log all your syslog messages on a different machine. As i dont
have access to any other machine on that network except in my own
country.

My question is how safe and efficient it is to log Syslogd messages from
my server in other country to my server in this country?

Is it really safe? is it adviced to do so, of not then why?

Any help would be appreticated

Reegards,
-- 
Vineet Mehta
Network Security Consultant
Kuwait Linux Company
Kuwait
Ph-2412552/2463633
<vineet [at] linux [dot] com [dot] kw>
www.linux.com.kw

---------------------------------------------------------------------------
----------------------------------------------------------------------------