
RE: Remote Syslogd

From: John Fitzgerald <john(at)match-fit.com>
Date: Wed Nov 06 2002 - 14:12:13 EST


...seeing you mention logtail I guess you could use tail -f from a process outside the chrooted area (i.e. a process that even a compromised syslogd can't touch) and pipe that through to a secured area on the system.

-----Original Message-----
From: Ben Boulanger [mailto:ben@blackavar.com]
Sent: 06 November 2002 18:27
To: John Fitzgerald
Cc: forensics@securityfocus.com
Subject: RE: Remote Syslogd

On Wed, 6 Nov 2002, John Fitzgerald wrote:
> chrooted area on a regular basis. Does anybody know of an application
> that is optimized for copying sequentially increasing files?

logtail, part of the logcheck program (now called logsentry, apparently)
does this nicely. It's licensed under the GPL:

        http://www.psionic.com/products/logsentry.html

Personally, I just use logtail to periodically move only the new data from
one log file to another location. I'm sure the rest of the suite is good,
I just only have experience with the logtail piece.

Ben



This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Received on Thu Nov 7 07:20:37 2002
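The incremental copy discussed in this thread (move only the data added since the last run), as an added example that is not part of the original messages and is not logtail's own code. The function name, the JSON state file and the sample paths are assumptions made for illustration; the collector is meant to run from outside the chroot, with the destination and state file in a directory the logging daemon cannot write to.

```python
import json
import os
import tempfile

def copy_new_data(src, dest, state_path):
    """Append data added to src since the last run to dest.
    Returns (bytes_copied, reset); reset is True if src shrank or was replaced."""
    try:
        with open(state_path) as f:
            state = json.load(f)
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}
    with open(src, "rb") as log:
        st = os.fstat(log.fileno())
        # A different inode or a file shorter than the saved offset means the
        # log was rotated or truncated since the last run: reread from byte 0.
        reset = state["inode"] is not None and (
            st.st_ino != state["inode"] or st.st_size < state["offset"])
        offset = 0 if reset else state["offset"]
        log.seek(offset)
        data = log.read()
    # Copy whole lines only; a half-written last line waits for the next run.
    data = data[:data.rfind(b"\n") + 1]
    if data:
        with open(dest, "ab") as out:
            out.write(data)
            out.flush()
            os.fsync(out.fileno())
    # Record the new offset only after the data is on disk, and replace the
    # state file atomically so a crash cannot leave a half-written offset.
    tmp = state_path + ".tmp"
    with open(tmp, "w") as f:
        json.dump({"inode": st.st_ino, "offset": offset + len(data)}, f)
    os.replace(tmp, state_path)
    return len(data), reset

if __name__ == "__main__":
    # Constructed sample log in a temporary directory (not real syslog data).
    d = tempfile.mkdtemp()
    src, dest, state = (os.path.join(d, n) for n in ("messages", "copy", "state"))
    with open(src, "wb") as f:
        f.write(b"Nov  6 14:00:01 host sshd[101]: session opened\n")
    print(copy_new_data(src, dest, state))   # first run copies the one line
    with open(src, "ab") as f:
        f.write(b"Nov  6 14:05:09 host su[202]: session opened\n")
    print(copy_new_data(src, dest, state))   # second run copies only the new line
    with open(src, "wb") as f:               # simulate the log being truncated
        f.write(b"Nov  6 14:09:30 host syslogd: restart\n")
    print(copy_new_data(src, dest, state))   # reset flag is True here
```

A reset between scheduled rotations is worth recording on the collecting side, since the copy already taken is then the only record of the earlier entries. A file that is truncated and grows back past the saved offset between runs is not detected by the size check alone.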

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:41 EDT

