way to duplicate logs?
Nielsen
nielsen at memberwebs.com
Fri Dec 10 17:16:13 PST 2004
Bob Ababurko wrote:
> Also, is there a way to make more than one copy of these logs?....I am
> not sure how this is set up and but I would like to possibly have
> another set of logs in place so if someone is editing them, I can catch
> it. I know there is a chance that I may be overreacting., but just in
> case I want to know.
You can forward them to another machine. Add a line like this to your
syslog.conf:
*.* @hostname
And then on the other machine change syslogd to accept (udp log packets)
connections from other machines by removing the '-s' flags.
Of course if someone is really messing around they'll be able to send
bogus logs to your other logging machine too.
Cheers,
Nate
More information about the freebsd-security
mailing list