In message <4145C53C.4030306@xxxxxxx>, Nathaniel Hall writes: > I am trying to setup a secure logging server using syslog (I know, use > Syslog-NG). I did some research and found that I should use netcat, but > I am unable to get it working correctly. So far, I have found this: > > Netcat will happily pipe UDP into a TCP stream. On the client machine, > > you would want to do something like: > > nc -l -u -p syslog | nc localhost 9999 > > (as root, to bind to the syslog port) > > On your syslog server end, you'd do something like: > > nc -l -p 9999 | nc localhost -u syslog > > Setup your ssh tunnel from port 9999 on the client machine to > port 9999 on the syslog server machine. > > Setup syslogd on the client to log the messages to localhost. Also, > make sure that the client syslogd is set up to not receive messages > from the network. > > You'll want to filter on the TCP listening port on the server to prevent > people from DoS'ing you with spurious messages. > > < http://www.patoche.org/LTT/security/00000118.html > > > I have tried this and have to been able to get it to work. Any ideas? You will likely see, whether using ssh here or stunnel, that all logged messages appear to come from the syslog server. Can anyone suggest a way to preserve the source of these messages through the pair of netcat processes? This whole issue can be avoided when running syslog_ng on the server. John -- John T. Rose Academic Information Technologies rose@xxxxxxxxxxx Systems Software Group Systems Analyst 237 Durham Center <A HREF="http://www.public.iastate.edu/~rose";>John T. Rose</A> -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
