Honeypots mailing list archives

Re: Question about logging

From: Valdis.Kletnieks () vt edu
Date: Thu, 05 Dec 2002 22:17:29 -0500

On Thu, 05 Dec 2002 19:59:12 EST, "TJ O'Grady" <tjogrady () flyingwithouta net>  said:

I am just getting my feet wet on some of the concepts in honeypots and 
intrusion detection. I was wondering if someone can point me in the 
direction of additional information on setting up logging. I am not 
understanding how a logging server can be available to copy logs to 
(via syslogd or some third party Windows tool) and yet not be 
vulnerable once the honeypot is compromised.


It's like protecting yourself against mobsters by sending a copy of the
incriminating evidence to somebody with instructions to go to the police
if they don't hear from you.

That make it clearer?
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

Attachment: _bin
Description:

Current thread:

Question about logging TJ O'Grady (Dec 05)
- Re: Question about logging Valdis . Kletnieks (Dec 05)
  - Re: Question about logging Curq (Dec 06)
- Re: Question about logging Floydman (Dec 06)
- <Possible follow-ups>
- Re: Question about logging Ryan Barnett (Dec 06)