bsdtalk138 - Central Syslog

Jan 23, 2008

Episode description

News:
DesktopBSD 1.6 and FreeBSD 6.3 released.

Setting up a central syslog server.
  • If you are concerned about the security of your logs, use a dedicated machine and lock it down.
  • Keep clocks in sync.
  • You may need to change the log rotation schedule in /etc/newsyslog.conf. You can rotate based on size and/or time. This can be as much a policy decision as a hardware decision.
  • On the central log host, change the syslogd flags so that it listens on the network. Each BSD does this differently, so check the man pages. Also, check out the -n flag for busy environments.
  • Make sure the host firewall allows syslog traffic through.
  • Be careful to limit syslog traffic to just the trusted network or hosts. The FreeBSD man page refers to syslogd as a "remote disk filling service".
  • For heavy logging environments, it is important to have a dedicated network. A down syslogd server can create a lot of "ARP who-has" broadcasts.
  • Most network devices such as printers and commercial firewalls support sending to a central syslog server. Take a look at "Snare" for Windows hosts.
  • To send messages from a Unix host, specify the host name prepended with @ instead of a file for logging in /etc/syslog.conf. For example, change /var/log/xferlog to @loghost.mydomain.biz. You can also copy and edit the line to have it log to both a local file and a remote host.
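
The steps above, pulled together as configuration fragments for a FreeBSD log host and one Unix client. This is an added example, not taken from the episode. It assumes pf as the host firewall, 192.0.2.0/24 as a placeholder for the trusted network, and ftp.info as the selector that feeds /var/log/xferlog.

```conf
# --- Central log host (FreeBSD): /etc/rc.conf ---
# -a accepts UDP syslog only from the listed network (placeholder range);
# -n disables the DNS query syslogd otherwise makes for every request.
syslogd_flags="-n -a 192.0.2.0/24"

# --- Central log host: /etc/pf.conf (assumption: pf is the host firewall) ---
# Allow syslog (UDP 514) from the trusted network only, drop it from anywhere else.
pass  in quick proto udp from 192.0.2.0/24 to any port 514
block in quick proto udp from any to any port 514

# --- Central log host: /etc/newsyslog.conf ---
# Rotate when the file reaches 1000 KB or at midnight, whichever comes first;
# keep 14 archives, compressed with bzip2 (J).
# logfile          mode count size when  flags
/var/log/xferlog   600  14    1000 @T00  J

# --- Each Unix client: /etc/syslog.conf ---
# Keep the local copy and add a second line that forwards to the log host.
ftp.info    /var/log/xferlog
ftp.info    @loghost.mydomain.biz
```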

File Info: 7Min, 3MB

Ogg Link:
https://archive.org/download/bsdtalk138/bsdtalk138.ogg