Syslog over SSH
Nathaniel Hall
halln at otc.edu
Thu Sep 16 16:05:24 UTC 2004
I believe I have figured out my ssh tunnel problems, however, I am still
unable to get it completely working. Here is the setup:
Srv1 ---> LogSrv
For SSH, I have set up public key encryption to keep from having to
provide a password. Here are the commands I am using:
On the LogSrv
nc -l -p 9999 | nc localhost -u syslog &
On Srv1
ssh -C -L 9999:192.168.190.153:9999 root@192.168.190.153 &   (To initiate the ssh connection)
nc -l -u -p syslog | nc localhost 9999 &   (To redirect to correct ports)
I can get everything to connect, but when I try to send it logs, it does
not receive them on LogSrv. I previously set up this test machine to log
directly using syslog and changed the configuration to test with SSH
tunnels. It worked previously. Now, here is what I get:
[2]+ Stopped nc -l -u -p syslog | nc localhost 9999
This usually shows up when I send a test entry using Logger Test, but
not always. Any ideas or questions, just e-mail me or the list and I'll
respond.
Nathaniel Hall
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln at otc.edu
417-799-0552
Nathaniel Hall wrote:
> I am trying to set up a secure logging server using syslog (I know, use
> Syslog-NG). I did some research and found that I should use netcat,
> but I am unable to get it working correctly. So far, I have found this:
> Netcat will happily pipe UDP into a TCP stream. On the client machine,
> you would want to do something like:
>
> nc -l -u -p syslog | nc localhost 9999
>
> (as root, to bind to the syslog port)
>
> On your syslog server end, you'd do something like:
>
> nc -l -p 9999 | nc localhost -u syslog
>
> Set up your ssh tunnel from port 9999 on the client machine to
> port 9999 on the syslog server machine.
>
> Set up syslogd on the client to log the messages to localhost. Also,
> make sure that the client syslogd is set up to not receive messages
> from the network.
>
> You'll want to filter on the TCP listening port on the server to
> prevent people from DoS'ing you with spurious messages.
>
> < http://www.patoche.org/LTT/security/00000118.html >
>
> I have tried this and have not been able to get it to work. Any ideas?
>
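The netcat pipeline quoted above, written as a pair of relays that keep each syslog datagram intact across the TCP stream and listen only on loopback, so the SSH tunnel is the only way in. This is an added example, not part of the original post; the length-prefix framing, the function names and the size limit are assumptions of the example, and the server side presumes the tunnel is forwarded to localhost:9999 on LogSrv.

```python
import socket
import sys

MAX_MSG = 8192          # assumed upper bound on one syslog datagram
LOOP = "127.0.0.1"      # loopback only: reachable through the tunnel, not the LAN

def frame(msg: bytes) -> bytes:
    """Prefix a datagram with its length so its boundary survives the stream."""
    return str(len(msg)).encode() + b" " + msg

def deframe(buf: bytearray) -> list:
    """Pop every complete message from buf; a partial frame waits for more data."""
    out = []
    while buf:
        sp = buf.find(b" ", 0, 5)            # prefix is at most 4 digits + space
        if sp == -1 and len(buf) < 5:
            break                            # length prefix not complete yet
        head = bytes(buf[:max(sp, 0)])       # empty when no prefix was found
        if not head.isdigit() or int(head) > MAX_MSG:
            raise ValueError("malformed or oversized frame")
        end = sp + 1 + int(head)
        if len(buf) < end:
            break                            # message body not complete yet
        out.append(bytes(buf[sp + 1:end]))
        del buf[:end]
    return out

def udp_to_tcp(udp, tcp, count=None):
    """Client side (Srv1): forward each local syslog datagram as one frame."""
    sent = 0
    while count is None or sent < count:
        tcp.sendall(frame(udp.recvfrom(MAX_MSG)[0]))
        sent += 1

def tcp_to_udp(tcp, udp, dest):
    """Server side (LogSrv): rebuild datagrams and pass them to the local syslogd."""
    buf = bytearray()
    while chunk := tcp.recv(4096):
        buf += chunk
        for msg in deframe(buf):             # ValueError here ends the relay
            udp.sendto(msg, dest)

if __name__ == "__main__":                   # usage: relay.py client|server
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    if sys.argv[1] == "client":              # syslogd on Srv1 logs to localhost
        udp.bind((LOOP, 514))
        udp_to_tcp(udp, socket.create_connection((LOOP, 9999)))
    else:                                    # one connection, from the tunnel
        tcp_to_udp(socket.create_server((LOOP, 9999)).accept()[0], udp, (LOOP, 514))
```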