Firewall Wizards mailing list archives
RE: Syslog set up
From: "Melson, Paul" <PMelson () sequoianet com>
Date: Fri, 25 Jul 2003 14:53:45 -0400
> You forgot the "logging on" command. That is a very common PIX Syslog
> pilot error.

D'oh!

> By default most Syslog servers listen on UDP port 514 (the default which
> you mentioned). You specified port 1028 which would require a change on
> the Syslog server.

Absolutely. Here's why:

A) To run syslogd on port 514 requires 'root' privileges (or Administrator or Local/System, or...) This may be a default, but it's not a good default. Since syslog servers typically need little more than write access to a known directory, there's no reason to run it as a privileged user. To facilitate this, I run syslogd on a port >1024. You should, too. :)

B) This adds a certain level of security-through-obscurity which, in and of itself, is a lousy defense. But it never hurt anything to keep 'em guessing.

PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
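As an added illustration of the point made in this post (example code, not anything Paul or the list posted): a minimal UDP syslog collector that refuses to bind a privileged port, so it can run as an unprivileged user whose only requirement is write access to one log directory. It parses the BSD-syslog `<PRI>` header that a PIX sends (PRI = facility*8 + severity; PIX defaults to facility local4, value 20) and appends one line per datagram. The host name, message text and the `syslog-demo` directory are constructed for the example; port 1028 is the one from the thread.

```python
import os
import socket
from datetime import datetime, timezone

# Constructed sample datagram in the BSD-syslog shape a PIX emits (hypothetical
# host name and message text; PRI 166 = facility local4 (20) * 8 + severity 6).
SAMPLE_DATAGRAM = b"<166>Jul 25 14:53:45 pix-example %PIX-6-302013: Built outbound TCP connection"

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def needs_privilege(port: int) -> bool:
    """Ports below 1024 need root (or CAP_NET_BIND_SERVICE) to bind on Unix."""
    return 0 < port < 1024


def parse_pri(datagram: bytes) -> dict:
    """Split the leading <PRI> header into facility and severity (PRI = facility*8 + severity)."""
    if not datagram.startswith(b"<"):
        raise ValueError("missing <PRI> header")
    end = datagram.find(b">", 1, 5)  # PRI is at most three digits
    if end == -1 or not datagram[1:end].isdigit():
        raise ValueError("malformed <PRI> header")
    pri = int(datagram[1:end])
    if pri > 191:
        raise ValueError("PRI out of range")
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "severity_name": SEVERITIES[pri % 8],
        "body": datagram[end + 1:].decode("ascii", errors="replace"),
    }


def format_record(sender: str, parsed: dict) -> str:
    """One line per datagram: receive time, sender, facility.severity, body."""
    stamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{stamp} {sender} {parsed['facility']}.{parsed['severity_name']} {parsed['body']}\n"


def open_listener(port: int) -> socket.socket:
    """Bind a UDP socket; refuse privileged ports so the process never needs root."""
    if needs_privilege(port):
        raise PermissionError(f"port {port} is privileged; run the collector on a port >1024")
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    return sock


def serve(sock: socket.socket, logdir: str, max_messages: int) -> int:
    """Receive up to max_messages datagrams and append them to logdir/pix.log."""
    os.makedirs(logdir, exist_ok=True)
    written = 0
    with open(os.path.join(logdir, "pix.log"), "a") as fh:
        while written < max_messages:
            data, (host, _) = sock.recvfrom(2048)
            try:
                parsed = parse_pri(data)
            except ValueError:
                continue  # drop datagrams that are not syslog at all
            fh.write(format_record(host, parsed))
            fh.flush()
            written += 1
    return written


if __name__ == "__main__":
    # Stand-alone demo: bind 1028 (the port from the thread), send the sample
    # datagram to ourselves over loopback, and append it to ./syslog-demo/pix.log.
    listener = open_listener(1028)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender.sendto(SAMPLE_DATAGRAM, ("127.0.0.1", 1028))
    print(serve(listener, "syslog-demo", max_messages=1), "record(s) written")
```

The PIX side still has to be told the non-default port, which is the change on the server the quoted message refers to; the collector above only enforces that the receiving process itself never needs more than an unprivileged port and a writable directory.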
Current thread:
- Syslog set up Doug Garrison (Jul 23)
- RE: Syslog set up Josh Welch (Jul 23)
- RE: Syslog set up Bob Wanamaker - Avant Systems, Inc. (Jul 23)
- Re: Syslog set up Brian A Kee (Jul 25)
- <Possible follow-ups>
- RE: Syslog set up Melson, Paul (Jul 24)
- Re: Syslog set up David Thiel (Jul 25)
- RE: Syslog set up Mark Tinberg (Jul 25)
- Re: Syslog set up Brian Ford (Jul 25)
- RE: Syslog set up Melson, Paul (Jul 25)