Re: Remote Logging

Mat Miller (mmiller@ISD.CBIS.COM)
Tue, 7 Jan 1997 07:36:44 -0500

> From owner-ids@wyrm.its.uow.edu.au Mon Jan  6 22:09:19 1997
> X-Authentication-Warning: wyrm.its.uow.edu.au: majordom set sender to owner-ids using -f
> To: ids@uow.edu.au
> Subject: Re: Remote Logging 
> X-Uri: http://www.cs.purdue.edu/people/spaf
> Date: Sun, 08 Dec 1996 19:47:34 -0500
> From: spaf@cs.purdue.edu (Gene Spafford)
> Sender: owner-ids@uow.edu.au
> Reply-To: ids@uow.edu.au
> Content-Length: 1174
> 
> [ Moderator Note: This message was previously truncated - due to a period `.'
> incorrectly placed at the beginning of a line. Computer Risks B) ]
> 
> > I caught some of the conversation on audit trails and the likes, and wanted
> > to know if anyone knows any FAQs, web pages, or books, etc., that explain a
> > bit on how one could have local log files, and also log the same info
> > remotely, making it a great deal harder for an intruder to erase his presence.
> > 
> 
> Chapter 10 of "Practical Unix & Internet Security" (O'Reilly &
> Associates, 1996) contains a fairly full description of the various
> log files on most versions of Unix, and about methods of replicating
> logs to a printer or remotely.
> 
> The rest of the book also provides an in-depth treatment of about
> 9/10s of the material that seems to get discussed again and again in
> these mailing lists.  A lot of things could be answered if people
> would simply read their manuals or read the book.
> 
> Of course, I am a bit biased -- I did spend almost a year helping to
> write the book. :-)
> 
> It makes a great Christmas stocking stuffer (if you have big
> stockings).  See <http://www.ora.com/item/pus2.html> for more details.
> 
> --spaf
> 
Are you trying to say RTFM?!
Well anyway ... there is an article in Sys Admin MAG ... ( Dec 1996 ) on
syslog.conf that is good ....

                                |}