To log syslog messages to another server just edit /etc/syslog.conf and direct kern.=info to @<hostname_of_logging_machine>.
You also have to go to the logging machine and setup it up to recieive logs from other computers by using the -r argument on syslogd. (see man page) I would like to make another comment that's not exactly directed to your post but might help in the future. There are hackers that search through mailing list and newsgroup archives looking for posts similar to yours in that you include alot of information about yourself in your sig file. This allows a hacker to know the name of the firewall manager at your company as well as some other important details. I could call your main office number now and perform social engineering. "Hi this is Jon Miller from the Systems Department, i have to reset your password, what was your old one again? Of course nobody needs to know a previous password in order to reset one.. but i'm willing to bet there's at least one user i could get on the phone that would tell me. Of course this type of engineering goes on all the time, dropping the name of the director of systems sure makes it sound more legit. Also in the future if you post specific questions about your firewall that include any details about its configuration, a hacker could read that posting and instead of helping you plug the hole... comprimise your system. Hope this helps out in some way. Clint/schwack On Sat, 2 Jun 2001, Jon Miller wrote: > After setting up the IPChains policies and rules, I want to be able to have a > log file of any DENY packets sent to me. We use GroupWise as a email > package. I also want those log files to exist on another Debian server that > sits behind the firewall. > > TIA > > Jon L. Miller, MCNE > Director/Sr Systems Consultant > MMT Networks Pty Ltd > http://www.mmtnetworks.com.au > PH: +61 8 9242 8600 > FX: +61 8 9242 8611 > "I don't know the key to success, but the key to failure > is trying to please everybody." -Bill Cosby >
