LinuxSecurity.com: Remote Syslogging - A Primer

[ Thanks to LinuxSecurity Contributors for this link. ]

"The syslog daemon is a very versatile tool that should never be overlooked under any circumstances. The facility itself provides a wealth of information regarding the local system that it monitors.

"However, what happens when the system it's monitoring gets compromised?

"When a system becomes compromised, and the intruder obtains elevated root privileges, he now has the ability, as well as the will, to trash any and all eviden ce leading up to the intrusion, on top of erasing anything else thereafter, including other key system files.

"That's where remote system logging comes in, and it's real super-easy to set up..."

Complete Story

Related Stories:

• Linux Journal: Stealthful Sniffing, Intrusion Detection and Logging(Sep 16, 2002)
• Crossnodes: Use Snort for Lightweight Intrusion Detection(Jul 15, 2002)
• Linux and Main: Preventing File Limit Denials of Service(Jul 10, 2002)
• LinuxSecurity.com: Flying Pigs: Snorting Next Generation Secure Remote Log Servers over TCP(Jun 06, 2002)