[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Making a secure log server?
- From: Aaron Turner <aturner linuxkb org>
- To: redhat-list redhat com
- Subject: Re: Making a secure log server?
- Date: Mon, 18 Oct 1999 10:10:25 -0700 (PDT)
I would use netcat over a ssh or ssl port. Stunnel w/ OpenSSL would work
great for this sort of thing, but if you're a company there are certain
legal issues one may have to deal with when using the RSA algorithm.
--
Aaron Turner, Core Developer http://vodka.linuxkb.org/~aturner/
Linux Knowledge Base Organization http://linuxkb.org/
Because world domination requires quality open documentation.
On Mon, 18 Oct 1999, Michael Jinks wrote:
> I need to get something done, I know it's possible, but I don't know
> quite how best to go about it.
>
> We have a Sparc 5 running RH6.0 that we'd like to use as a central
> repository for log files from lots of (mostly Solaris) machines. The
> log files themselves are not necessarily generated by syslog; in fact
> the ones that we care most about currently are generated by Netscape
> servers, which don't log via syslog and (as far as we can tell) don't
> log in any kind of network-aware manner at all. They just write to
> their files.
>
> What I'd like to do is to set up some sort of process whereby the
> Netscape server on the remote machine is tricked into spitting its log
> lines to some sort of pipeline, which looks like it's in the filesystem
> but is actually a front-end to an encrypted network connection to the
> log server. At the log server end, something should decrypt the
> incoming lines and append them to a real log file.
>
> Simple, right?
>
> Sure, I just don't know how to do it.
>
> It's fairly important that we don't lose any log lines due to things
> like network trouble or log server reboots or what have you, so that
> adds some complication. It would also be nice if we don't have to store
> the logs locally on the client machines for any longer than necessary,
> but that isn't essential.
>
> We've thought about using the ssh-wrapped non-routable net interface
> trick to handle the network connection itself, but that still leaves the
> question of getting the log lines from Netscape out to the net
> interface.
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]