I would additionally like to send the logs over Syslog-ng to a log
server.

I strongly recommend not to do this. We had a CCC (Chaos Computer Club)
meeting while someone brought the logfile from his mailserver to
meetings.
By seeing the logfile without error messages it was quite easy to
have a look at the employees and their key qualification.
By seeing logfiles unencrypted it's possible to have a look what's
running on your server so I strongly recommend not to do this.
Use logcheck locally on your server and log in over ssh which is quite
secure. (There was just one vulnerability in the past years).
I use a simple Perl script fwlog to check the logfiles.

I agree with you on the logtransfer issue, but disagree with you on
the "don't-use-a-central-logserver" ;) At this moment we are using a
logserver in-house, so that's not encrypted, and we are using it on
some places where we send the logs outbound. There are several ways
to do this, and I'm using an OpenVPN-tunnel to send it. But I'm sure
it is possible to send the logs encrypted some way (stunnel maybe?) if
you are not able to use a VPN-tunnel.
With regards
Ronald