Ralph Moeritz wrote:
I have an Rsyslog server to which I am forwarding logs from several machines, currently using UDP via omfwd. The problem with this is that it's insecure and I'm falling victim to spam messages being sent to my Rsyslog server.
Why do you have firewall rules that allow IPs that you don't manage to send messages to your syslog server?
Even if you do implement cert checking, exposing rsyslog like this gives your attackers a way to DOS you by forcing you to spend a lot of CPU checking the certs.
David Lang
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog