Syslog over SSH

Nathaniel Hall halln at otc.edu
Mon Sep 13 16:05:16 UTC 2004


I am trying to set up a secure logging server using syslog (I know, use 
Syslog-NG).  I did some research and found that I should use netcat, but 
I am unable to get it working correctly.  So far, I have found this:
   
    Netcat will happily pipe UDP into a TCP stream. On the client machine,
    you would want to do something like:

        nc -l -u -p syslog | nc localhost 9999

    (as root, to bind to the syslog port)

    On your syslog server end, you'd do something like:

        nc -l -p 9999 | nc localhost -u syslog

    Set up your ssh tunnel from port 9999 on the client machine to
    port 9999 on the syslog server machine.

    Set up syslogd on the client to log the messages to localhost. Also,
    make sure that the client syslogd is set up to not receive messages
    from the network.

    You'll want to filter on the TCP listening port on the server to prevent
    people from DoS'ing you with spurious messages.

    < http://www.patoche.org/LTT/security/00000118.html >

I have tried this and have not been able to get it to work.  Any ideas?

-- 
Nathaniel Hall
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln at otc.edu
417-799-0552
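
The UDP-to-TCP relay described in the quoted recipe, as an added example that is not part of the original post or the page it quotes: TCP is a byte stream, so each datagram is length-prefixed (octet counting, as in RFC 6587) and split back into one datagram per message on the server. MAX_MSG, the function names and the loopback-only bind on the server (so that only the SSH tunnel can reach port 9999) are assumptions of this sketch.

```python
import socket
MAX_MSG = 8192  # assumed cap on one syslog message; larger frames are rejected

def frame(datagram):
    """Octet-counting frame: b'<len> <msg>', so boundaries survive the TCP stream."""
    return str(len(datagram)).encode() + b" " + datagram

class Deframer:
    """Rebuilds individual messages from arbitrary TCP read chunks."""
    def __init__(self):
        self.buf = b""
    def feed(self, chunk):
        self.buf += chunk
        out = []
        while True:
            head, sep, rest = self.buf.partition(b" ")
            if not sep:  # length field not complete yet
                if len(head) > 5 or (head and not head.isdigit()):
                    raise ValueError("bad frame header")
                return out
            if not head.isdigit() or int(head) > MAX_MSG:
                raise ValueError("bad frame header")
            n = int(head)
            if len(rest) < n:  # message body not complete yet
                return out
            out.append(rest[:n])
            self.buf = rest[n:]

def client_relay(udp_port=514, tunnel=("127.0.0.1", 9999)):
    """Client: local syslogd -> UDP on localhost -> framed TCP into the SSH tunnel."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("127.0.0.1", udp_port))  # port 514 needs root, as the recipe notes
    with socket.create_connection(tunnel) as tcp:
        while True:
            tcp.sendall(frame(udp.recv(MAX_MSG)))

def server_relay(listen=("127.0.0.1", 9999), syslog=("127.0.0.1", 514)):
    """Server: framed TCP from the tunnel -> one UDP datagram per message."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv = socket.create_server(listen)  # loopback only: not reachable off-host
    while True:  # keep accepting so a dropped tunnel can reconnect
        conn, _ = srv.accept()
        d = Deframer()
        with conn:
            try:
                while chunk := conn.recv(4096):
                    for msg in d.feed(chunk):
                        udp.sendto(msg, syslog)
            except (ValueError, OSError):
                pass  # malformed frame or reset: drop this connection only
```

Run server_relay() on the log server and client_relay() on the client, with the SSH tunnel forwarding client port 9999 to server port 9999 as in the quoted recipe.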






