bsdtalk138 - Central Syslog<br />
Posted 2008-01-23 by Mr<br /><br />
News:<br />DesktopBSD 1.6 and FreeBSD 6.3 released.<br /><br />Setting up a central syslog server.<br />
<ul>
<li>If you are concerned about the security of your logs, use a dedicated machine and lock it down.</li>
<li>Keep clocks in sync.</li>
<li>You may need to change the log rotation schedule in /etc/newsyslog.conf. You can rotate based on size and/or time. This can be as much a policy decision as a hardware decision.</li>
<li>On the central log host, change the syslogd flags so that it listens on the network. Each BSD does this differently, so check the man pages. Also, check out the -n flag for busy environments.</li>
<li>Make sure the host firewall allows syslog traffic through.</li>
<li>Be careful to limit syslog traffic to just the trusted network or hosts. The FreeBSD man page refers to syslogd as a "remote disk filling service".</li>
<li>For heavy logging environments, it is important to have a dedicated network. A down syslogd server can create a lot of "ARP who-has" broadcasts.</li>
<li>Most network devices such as printers and commercial firewalls support sending to a central syslog server. Take a look at "Snare" for Windows hosts.</li>
<li>To send messages from a Unix host, specify the host name prefixed with @ instead of a file for logging in /etc/syslog.conf. For example, change /var/log/xferlog to @loghost.mydomain.biz. You can also copy and edit the line to have it log to both a local file and a remote host.</li>
</ul>
<br />File Info: 7Min, 3MB<br /><br />Ogg Link:<br />
http://cisx1.uma.maine.edu/~wbackman/bsdtalk/bsdtalk138.ogg
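An added example, not part of the show notes: a small Python audit of a syslog.conf that reports which selectors log both to a local file and to the central host, which stay local only, and which are forwarded with no local copy. The sample configuration is constructed and the function names are this example's own; loghost.mydomain.biz is the host name used in the notes.

```python
# Added example: audit which syslog.conf selectors reach the central log host.
# SAMPLE_CONF is constructed for illustration; the loghost name is the one
# used in the show notes. Function names are this example's own.

SAMPLE_CONF = """\
# constructed sample /etc/syslog.conf
security.*                  /var/log/security
security.*                  @loghost.mydomain.biz
auth.info;authpriv.info     /var/log/auth.log
ftp.info                    @loghost.mydomain.biz
*.emerg                     *
!ppp
*.*                         /var/log/ppp.log
"""

def parse_syslog_conf(text):
    """Return (scope, selector, action) for every rule line."""
    rules, scope = [], "*"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line[0] in "!+-":        # FreeBSD program/host block header
            scope = line            # simplification: track the latest header only
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:         # skip malformed lines with no action
            rules.append((scope, parts[0], parts[1].strip()))
    return rules

def audit(text, loghost):
    """Group selectors by where their messages end up."""
    rules = parse_syslog_conf(text)
    forwarded = {(sc, sel) for sc, sel, act in rules if act == "@" + loghost}
    local = {(sc, sel) for sc, sel, act in rules if act.lstrip("-").startswith("/")}
    return {
        "both": sorted(sel for _, sel in forwarded & local),
        "local_only": sorted(sel for _, sel in local - forwarded),
        "remote_only": sorted(sel for _, sel in forwarded - local),
    }

if __name__ == "__main__":
    for group, selectors in audit(SAMPLE_CONF, "loghost.mydomain.biz").items():
        print(f"{group:12} {', '.join(selectors) or '-'}")
```

Selectors listed under remote_only have no local copy if the log host is unreachable, and those under local_only never leave the machine.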