bsdtalk138 - Central Syslog
18 years ago
News:
DesktopBSD 1.6 and FreeBSD 6.3 released.
Setting up a central syslog server.
If you are concerned about the security of your logs, use a dedicated machine and lock it down.
Keep clocks in sync.
You may need to change the log rotation schedule in /etc/newsyslog.conf. You can rotate based on size and/or time. This can be as much a policy decision as a hardware decision.
On the central log host, change the syslogd flags to listen to the network. Each BSD does this differently, so check the man pages. Also, check out the -n flag for busy environments.
Make sure the host firewall allows syslog traffic through.
Be careful to limit syslog traffic to just the trusted network or hosts. The FreeBSD man page refers to syslogd as a "remote disk filling service".
For heavy logging environments, it is important to have a dedicated network. A down syslogd server can create a lot of "ARP who-has" broadcasts.
Most network devices, such as printers and commercial firewalls, support sending to a central syslog server. Take a look at "Snare" for Windows hosts.
To send messages from a Unix host, specify the host name prepended with @ instead of a file for logging in /etc/syslog.conf. For example, change /var/log/xferlog to @loghost.mydomain.biz. You can also copy and edit the line to have it log to both a local file and a remote host.
File Info: 7Min, 3MB
Ogg Link:
https://archive.org/download/bsdtalk138/bsdtalk138.ogg
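A check for the last note (copy a line so it logs both locally and to the log host), added here as an example and not taken from the episode: it lists syslog.conf selectors that write to a local file but have no line with the same selector and an @host action. The function name and the sample configuration are constructed; only exact selector matches are compared, so wildcard selectors that would also cover an entry are not evaluated.

```shell
#!/bin/sh
# Added example: find syslog.conf selectors that stay local only.

# Constructed sample, modelled on the xferlog case from the notes.
sample_conf() {
    printf '# constructed sample syslog.conf\n'
    printf 'ftp.info\t/var/log/xferlog\n'
    printf 'ftp.info\t@loghost.mydomain.biz\n'
    printf 'auth.info;authpriv.info\t/var/log/auth.log\n'
    printf 'mail.info\t/var/log/maillog\n'
}

# $1 = path to a syslog.conf-style file.
# Prints, in file order, each selector with a local-file action
# and no matching "@host" action.
unforwarded_selectors() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # blank lines and comments
        $1 ~ /^[!+-]/        { next }   # program/host block markers
        {
            sel = $1; act = $2
            if (act ~ /^@/) {
                remote[sel] = 1         # forwarded to a log host
            } else if (act ~ /^\//) {
                if (!(sel in seen)) order[++n] = sel
                seen[sel] = 1           # written to a local file
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(order[i] in remote)) print order[i]
        }
    ' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp"
unforwarded_selectors "$tmp"
rm -f "$tmp"
```

Run it against /etc/syslog.conf on each client after adding the @loghost lines; any selector it prints is still only recorded on the machine that generated it.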