bsdtalk138 - Central Syslog
Episode Synopsis
News:
DesktopBSD 1.6 and FreeBSD 6.3 released.
Setting up a central syslog server.
If you are concerned about the security of your logs, use a dedicated machine and lock it down.
Keep clocks in sync.
You may need to change the log rotation schedule in /etc/newsyslog.conf. You can rotate based on size and/or time. This can be as much a policy decision as a hardware decision.
On the central log host, change the syslogd flags so that it listens on the network. Each BSD does this differently, so check the man pages. Also, check out the -n flag for busy environments.
Make sure the host firewall allows syslog traffic through.
Be careful to limit syslog traffic to just the trusted network or hosts. The FreeBSD man page refers to syslogd as a "remote disk filling service".
For heavy logging environments, it is important to have a dedicated network. Clients keep sending to a syslogd server that is down, which can create a lot of "ARP who-has" broadcasts.
Most network devices such as printers and commercial firewalls support sending to a central syslog server. Take a look at "Snare" for Windows hosts.
To send messages from a Unix host, edit /etc/syslog.conf and replace the log file with the host name prefixed by @. For example, change /var/log/xferlog to @loghost.mydomain.biz. You can also copy the line and edit the copy so that messages go to both a local file and the remote host.
File Info: 7Min, 3MB
Ogg Link:
https://archive.org/download/bsdtalk138/bsdtalk138.ogg