Syslog over SSH

John T. Rose rose at iastate.edu
Mon Sep 13 16:20:08 UTC 2004


  In message <4145C53C.4030306 at otc.edu>, 
  Nathaniel Hall writes:
  > I am trying to set up a secure logging server using syslog (I know, use 
  > Syslog-NG).  I did some research and found that I should use netcat, but 
  > I am unable to get it working correctly.  So far, I have found this:
  > 
  > 	Netcat will happily pipe UDP into a TCP stream. On the client machine,
  > 	you would want to do something like:
  > 	
  >         	 nc -l -u -p syslog | nc localhost 9999
  > 	
  > 	(as root, to bind to the syslog port)
  > 	
  > 	On your syslog server end, you'd do something like:
  > 	
  > 	         nc -l -p 9999 | nc localhost -u syslog
  > 	
  > 	Set up your ssh tunnel from port 9999 on the client machine to
  > 	port 9999 on the syslog server machine.
  > 	
  > 	Set up syslogd on the client to log the messages to localhost. Also,
  > 	make sure that the client syslogd is set up to not receive messages
  > 	from the network.
  > 	
  > 	You'll want to filter on the TCP listening port on the server to prevent
  > 	people from DoS'ing you with spurious messages.
  > 
  > 	< http://www.patoche.org/LTT/security/00000118.html >
  > 
  > I have tried this and have not been able to get it to work.  Any ideas?

You will likely see, whether using ssh here or stunnel, that
all logged messages appear to come from the syslog server.

Can anyone suggest a way to preserve the source of these messages
through the pair of netcat processes?

This whole issue can be avoided when running syslog-ng on the
server.

John
--
John T. Rose                         Academic Information Technologies
rose at iastate.edu                     Systems Software Group
Systems Analyst                      237 Durham Center
http://www.public.iastate.edu/~rose
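
An added example, not part of the original thread: the source address of a UDP datagram is not in its payload, so the netcat pair cannot carry it across the tunnel. This sketch shows one way a small relay standing in for the client-side `nc` could write the origin into each message and newline-frame it for the TCP stream. It assumes BSD-style `<PRI>timestamp text` messages; the function names and sample hostnames are hypothetical, and how the receiving syslogd displays the inserted field depends on the daemon.

```python
import re

# Assumed BSD syslog layout: "<PRI>Mmm dd hh:mm:ss rest-of-message"
_WITH_TS = re.compile(
    rb"\A(<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (.*)\Z", re.S)
_PRI_ONLY = re.compile(rb"\A(<\d{1,3}>)(.*)\Z", re.S)


def tag_with_source(datagram: bytes, origin: str) -> bytes:
    """Client side: embed the origin host in the message, newline-framed."""
    # Restrict the host field to hostname characters so it cannot carry spaces.
    host = re.sub(r"[^A-Za-z0-9._-]", "_", origin).encode("ascii")
    # Embedded line breaks would let one message pose as several records.
    body = re.sub(rb"[\r\n]+", b" ", datagram).strip()
    m = _WITH_TS.match(body)
    if m:  # insert the host right after the timestamp
        return m.group(1) + b" " + host + b" " + m.group(2) + b"\n"
    m = _PRI_ONLY.match(body)
    if m:  # no timestamp: insert the host right after the priority
        return m.group(1) + host + b" " + m.group(2) + b"\n"
    return host + b" " + body + b"\n"


def split_records(buffer: bytes):
    """Server side: (complete records, unfinished tail) from the TCP stream."""
    *records, tail = buffer.split(b"\n")
    return [r for r in records if r], tail


if __name__ == "__main__":
    # Constructed sample datagrams, as a local syslogd might forward them.
    samples = [
        b"<38>Sep 13 16:20:08 sshd[411]: Accepted password for rose\n",
        b"<13>disk full",
    ]
    stream = b"".join(tag_with_source(s, "client1.example.edu") for s in samples)
    # TCP may deliver the stream in arbitrary chunks; cut it mid-record.
    records, tail = split_records(stream[:-5])
    for r in records:
        print("send as one UDP datagram:", r)
    print("held until more bytes arrive:", tail)
```

On the server, each record returned by `split_records` would be sent to the local syslogd as its own datagram, with the tail kept in the buffer until the rest of that record arrives.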