syslog/postfix question - FreeBSD

  1. #1

    syslog/postfix question

    I've been perusing man syslog and man syslog.conf, and haven't gotten my
    mind quite wrapped around it yet.

    I have 4 FBSD 5.3 servers on my network, each running postfix 2.x. One
    is a mail gateway to our Exchange server, the others are just using
    postfix for mailing out the daily/weekly/monthly/security logs, while
    they perform their other duties.

    I want to have the normal logging (in this case /var/log/messages and
    /var/log/maillog) happen both locally and sent to a remote syslog server.

    I haven't yet modified syslog.conf on any of these machines.

    Am I correct in believing that all I have to do to make this happen is
    uncomment the line that says:

    #*.* loghost

    and change loghost to match my syslog server? That is, along with
    making sure that name resolution works correctly, of course.

    TIA,

    Kurt
    Kurt Guest

  2. #2

    Re: syslog/postfix question



    Kurt Buff wrote:
     
    On the sending end that's it. On the receiving host you need to make
    sure syslogd has the correct setting to receive the log packets. There
    are security upsides and downsides to doing what you propose.

    Upside: logs are on a different box - hopefully a secure one - so you
    have a record of attacks against the other boxes.

    Downside: log packets are unencrypted UDP so a black hat may be able to
    sniff them and learn about system configuration.

    In the end I think the upside wins.

    John
    John Guest

  3. #3

    Re: syslog/postfix question

    John Pettitt wrote: 
    >
    > On the sending end that's it. On the receiving host you need to make
    > sure syslogd has the correct setting to receive the log packets. There
    > are security upsides and downsides to doing what you propose.
    >
    > Upside: logs are on a different box - hopefully a secure one - so you
    > have a record of attacks against the other boxes.
    >
    > Downside: log packets are unencrypted UDP so a black hat may be able to
    > sniff them and learn about system configuration.
    >
    > In the end I think the upside wins.
    >
    > John

    That's what I needed to hear. I've been aware of the risks for a while -
    I've got a syslogging client on my Windows servers. I want the
    centralization - it makes research just that much easier.

    Thanks for the help.

    Kurt
    Kurt Guest
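
The setup discussed in this thread, written out as an added example (not taken from any of the posts) for stock FreeBSD syslogd: local logging stays in place, everything is also forwarded to a central server, and the server is told which peers to accept. The host name loghost.example.com and the network 192.0.2.0/24 are placeholders.

```conf
# --- Sending hosts (each Postfix box): /etc/syslog.conf ---
# Leave the stock local entries as shipped so /var/log/messages and
# /var/log/maillog are still written on the machine itself, e.g.:
mail.info					/var/log/maillog
# A second action for the same messages. The "@" prefix marks a remote
# host (see syslog.conf(5)); the name must resolve on the sender.
*.*						@loghost.example.com

# --- Sending hosts: /etc/rc.conf ---
# The stock flag, a single -s, refuses remote input but still allows
# forwarding. "-ss" opens no network socket at all and would silently
# stop the forwarding configured above.
syslogd_flags="-s"

# --- Receiving log server: /etc/rc.conf ---
# Replace the stock -s (which discards messages from remote machines)
# with -a, naming the peers allowed to log over UDP port 514.
syslogd_flags="-a 192.0.2.0/24"
```

syslogd rereads syslog.conf on SIGHUP, while a change to syslogd_flags only takes effect after the daemon is restarted.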
