Firewall Wizards mailing list archives

RE: Syslog set up


From: "Melson, Paul" <PMelson () sequoianet com>
Date: Fri, 25 Jul 2003 14:53:45 -0400

> You forgot the "logging on" command.  That is a very common PIX Syslog
> pilot error.

D'oh!

> By default most Syslog servers listen on UDP port 514 (the default
> which you mentioned).  You specified port 1028 which would require a
> change on the Syslog server.

Absolutely.  Here's why:

A) To run syslogd on port 514 requires 'root' privileges (or
Administrator or Local/System, or...)  This may be a default, but it's
not a good default.  Since syslog servers typically need little more
than write access to a known directory, there's no reason to run it as a
privileged user.  To facilitate this, I run syslogd on a port >1024.
You should, too. :)

B) This adds a certain level of security-through-obscurity which, in and
of itself, is a lousy defense.  But it never hurt anything to keep 'em
guessing.

PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
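The two points in the reply, that the PIX needs `logging on` before `logging host inside <ip> udp/1028` and `logging trap informational` do anything, and that a collector on a port above 1024 needs no root, as an added example that is not part of the thread. The script below is a minimal UDP syslog collector written for this page, not a real syslogd: it binds an unprivileged port, decodes the RFC 3164 `<PRI>` header into facility and severity (a PIX defaults to facility local4, so an informational message arrives as `<166>`), pulls out the `%PIX-n-nnnnnn` message ID, and appends records to a directory the collector user can write to. The port 1028, the `/tmp/syslog-demo` directory, the addresses and the sample PIX line are all constructed for the demo.

```python
"""Unprivileged UDP syslog collector (added example; not from the thread or any syslogd).

No root is needed because the listener binds a port above 1024 and only
writes into a directory its own user owns, which is exactly the point made
in the reply above.
"""
import os
import re
import socket

COLLECTOR_PORT = 1028                                   # assumed, as in the thread
LOG_DIR = os.environ.get("SYSLOG_DIR", "/tmp/syslog-demo")  # assumed writable directory

# Facility and severity names from RFC 3164; PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI = re.compile(rb"^<(\d{1,3})>")
PIX_ID = re.compile(rb"%PIX-(\d)-(\d{6}):")   # PIX message id, e.g. %PIX-6-302013:

# Constructed sample of what a PIX sends at severity 6 on facility local4 (20*8+6 = 166).
SAMPLE_PIX_DATAGRAM = (
    b"<166>Jul 25 2003 14:53:45: %PIX-6-302013: Built outbound TCP connection 12345 "
    b"for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.0.0.5/3366 (198.51.100.2/1025)"
)


def parse_syslog(datagram: bytes) -> dict:
    """Decode one syslog datagram into facility, severity, PIX message id and text."""
    m = PRI.match(datagram)
    if not m:
        raise ValueError("missing <PRI> header")
    pri = int(m.group(1))
    if pri > 191:                      # 23 facilities * 8 + 7 is the largest legal value
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = divmod(pri, 8)
    body = datagram[m.end():]
    pix = PIX_ID.search(body)
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "pix_id": pix.group(2).decode() if pix else None,
        "message": body.decode("ascii", errors="replace").strip(),
    }


def bind_collector(port: int = COLLECTOR_PORT, host: str = "127.0.0.1") -> socket.socket:
    """Bind the UDP listener. On Unix a port below 1024 would need root; this one does not."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    return sock


def write_record(rec: dict, log_dir: str = LOG_DIR) -> str:
    """Append the record to <log_dir>/<facility>.log; only write access to log_dir is needed."""
    os.makedirs(log_dir, exist_ok=True)
    path = os.path.join(log_dir, rec["facility"] + ".log")
    with open(path, "a", encoding="utf-8") as fh:
        fh.write("%s %s %s\n" % (rec["severity"], rec["pix_id"] or "-", rec["message"]))
    return path


def loopback_demo(port: int = COLLECTOR_PORT) -> dict:
    """Deliver the constructed PIX datagram to the collector over loopback and parse it."""
    with bind_collector(port) as srv:
        srv.settimeout(2)
        bound = srv.getsockname()          # (host, port); port 0 yields an ephemeral high port
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
            client.sendto(SAMPLE_PIX_DATAGRAM, bound)
        data, _ = srv.recvfrom(65535)
    rec = parse_syslog(data)
    rec["port"] = bound[1]
    return rec


if __name__ == "__main__":
    record = loopback_demo()
    print("received on port %d as %s.%s, PIX id %s" % (
        record["port"], record["facility"], record["severity"], record["pix_id"]))
    print("wrote", write_record(record))
```

Run it as an ordinary user; nothing in it needs root. A collector like this still accepts datagrams from anyone who can reach the port, so the non-standard port only keeps casual scanners guessing, as the reply says; the real control is that the process owns nothing worth taking if it is compromised.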

