When we tickled Professional Software Engineering, this came out:
BTW, remote syslogging has another significant benefit: the syslog
host can be stripped down to virtually no services and heavily
firewalled (for instance, allowing only traffic from local hosts,
which is easy enough if it's on a private IP space and itself isn't
even physically connected to the internet). If a logged host is
compromised, the attacker cannot
successfully _EDIT_ the logfiles, since the events already emitted to
the syslog have already been emitted to that other host.

Orthogonally: if you keep your 'rotated logs' (I mean the old logs)
on a separate disk, then that disk only has to spin once a week,
which will keep even an IDE-disk alive for years. My communication
server here is a very old Linux-machine (Pentium 75 without CPU-fan)
that has been running for ages. The IDE-harddisk was already old
when put in. It runs fetchmail every 5 minutes and sleeps in
between, so I called it sleepy.
--
Grtz, Ruud
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
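
The tamper-evidence point made in the quoted paragraph above, as an added example that is not part of the original mail: a check that compares a host's local logfile with the copy held on the remote syslog host. The function name, the sample log lines and the assumption that both copies use the same line format are constructed for illustration.

```python
from collections import Counter


def compare_logs(local_lines, remote_lines):
    """Compare a host's local log with the copy held by the remote syslog host.

    Returns (missing_locally, unknown_to_remote):
      missing_locally   - events the remote host received that are no longer in
                          the local file (deleted, or edited after the fact)
      unknown_to_remote - local lines the remote host never received (the edited
                          replacement of an event, or an injected entry)
    Counter compares by count, so repeated identical lines are handled.
    """
    local = Counter(l.rstrip() for l in local_lines if l.strip())
    remote = Counter(l.rstrip() for l in remote_lines if l.strip())
    missing_locally = sorted((remote - local).elements())
    unknown_to_remote = sorted((local - remote).elements())
    return missing_locally, unknown_to_remote


# Constructed sample: what the remote syslog host received from the logged host.
REMOTE = [
    "Mar  3 02:11:07 sleepy sshd[412]: Failed password for root from 192.0.2.10",
    "Mar  3 02:11:09 sleepy sshd[412]: Accepted password for root from 192.0.2.10",
    "Mar  3 02:12:30 sleepy su[431]: session opened for user root",
    "Mar  3 02:15:00 sleepy fetchmail[440]: awakened by poll timer",
]

# Constructed sample: the local file after someone edited it on the logged host.
# The "Accepted password" event is gone and the source address was rewritten.
LOCAL = [
    "Mar  3 02:11:07 sleepy sshd[412]: Failed password for root from 192.0.2.99",
    "Mar  3 02:12:30 sleepy su[431]: session opened for user root",
    "Mar  3 02:15:00 sleepy fetchmail[440]: awakened by poll timer",
]

if __name__ == "__main__":
    missing, unknown = compare_logs(LOCAL, REMOTE)
    for line in missing:
        print("on syslog host only:", line)
    for line in unknown:
        print("on logged host only:", line)
```

If the events are forwarded over UDP, a line can be lost in transit, so an entry that exists only on the logged host calls for a closer look but is not proof of editing on its own.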