Firewall Wizards mailing list archives
Re: More Syslog Questions
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 16 Jul 2004 00:02:16 -0500
On Tue, 2004-07-13 at 15:10, Nathaniel Hall wrote:
In an effort to make the log server as secure as possible, I would like to find a way to use an append only file system. Unfortunately, if this is done, logs cannot be rotated using logrotate so the server must be taken down to single user mode to rotate the logs, causing the loss of many log entries.
May I suggest you look at alternative syslog daemons? I personally prefer syslog-ng. I have it configured so that that it creates unique files each day named <year>-<month>-<day>-messages, -firewall, -auth, etc. No need to rotate the logs as you have one file per day per log type. It is very easy to configure. Furthermore you can forward syslog messages between hosts via TCP which makes it very easy to tunnel data over SSL or SSH to a central log server. Check it out at http://www.balabit.com/products/syslog_ng Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- More Syslog Questions Nathaniel Hall (Jul 15)
- Re: More Syslog Questions Frank Knobbe (Jul 19)
- Re: More Syslog Questions Devdas Bhagat (Jul 19)
- Re: More Syslog Questions Marcus J. Ranum (Jul 19)
- Re: More Syslog Questions Brian Hatch (Jul 19)
- Re: More Syslog Questions Henning Brauer (Jul 20)
- Re: More Syslog Questions Marcus J. Ranum (Jul 19)
- <Possible follow-ups>
- Re: More Syslog Questions Marcus J. Ranum (Jul 19)
- More Syslog Questions Nathaniel Hall (Jul 19)
- Re: More Syslog Questions The Anarcat (Jul 19)
- Re: More Syslog Questions Bruce Smith (Jul 19)
- Re: More Syslog Questions Marcus J. Ranum (Jul 19)
- Re: More Syslog Questions Chuck Swiger (Jul 19)
- Re: More Syslog Questions The Anarcat (Jul 19)
(Thread continues...)