Firewall Wizards mailing list archives

More Syslog Questions


From: "Nathaniel Hall" <halln () otc edu>
Date: Tue, 13 Jul 2004 15:10:54 -0500

Since someone asked a question about syslog, I thought I would add a couple
of my own.

I am in the process of setting up a centralized syslog server running RedHat
AS3.  Currently, I am using syslog as our daemon, but have heard there are
other, better solutions.  What do you suggest?

Mr. Ranum, you spoke to my co-worker at Usenix on this topic. Would you mind
posting your response to this:

In an effort to make the log server as secure as possible, I would like to
find a way to use an append-only file system.  Unfortunately, if this is
done, logs cannot be rotated using logrotate, so the server must be taken
down to single-user mode to rotate the logs, causing the loss of many log
entries.

Does anybody know of a good append-only file system or another solution to
achieve the same results?

Any feedback is appreciated.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Nathaniel Hall

Intrusion Detection and Firewall Technician

Ozarks Technical Community College -- Office of Computer Networking

417-799-0552

