Security Basics mailing list archives

Re: Syslog over Internet

From: Eric Nelson <en () megahosted com>
Date: Wed, 20 Aug 2003 16:25:36 -0700

Remote logging is always a good idea. 
A partner of mine wrote up a good howto on setting up syslog-ng and
stunnel loghosting. You should also be able to set iptables rules to
combat DOS attempts.



On Tue, Aug 19, 2003 at 08:18:04AM -0700, DeGennaro, Gregory wrote:

TCP would be better than UDP be the logs are still in plain text and to me
that is way too risky without encryption of some sort, whether tunnel or the
text file itself, or an extranet line.

Regards,

Greg DeGennaro Jr., CCNP
Security Analyst


-----Original Message-----
From: Arturo "Buanzo" Busleiman [mailto:buanzo () buanzo com ar] 
Sent: Monday, August 18, 2003 2:49 PM
To: Damian Menscher
Cc: Vineet Mehta; security-basics () securityfocus com
Subject: Re: Syslog over Internet

And we should not forget about NOT USING UDP for this. TCP would make a
better transport.



---------------------------------------------------------------------------
----------------------------------------------------------------------------


-- 
Eric Nelson     <en () megahosted com>  http://www.megahosted.com/~en/
GPG-key: C4AB5707 Fingerprint: 9E50 D5C2 2B02 A944 1A28  5CA5 366A 0294 C4AB 5707

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Syslog over Internet Vineet Mehta (Aug 18)
- RE: Syslog over Internet David Gillett (Aug 18)
- Re: Syslog over Internet Damian Menscher (Aug 18)
  - Re: Syslog over Internet Arturo "Buanzo" Busleiman (Aug 18)
  - RE: Syslog over Internet matt willson (Aug 20)
- Re: Syslog over Internet Valter Santos (Aug 20)
- <Possible follow-ups>
- RE: Syslog over Internet Keith T. Morgan (Aug 18)
- RE: Syslog over Internet DeGennaro, Gregory (Aug 18)
- RE: Syslog over Internet DeGennaro, Gregory (Aug 19)
  - Re: Syslog over Internet Eric Nelson (Aug 20)