Objective 1: System Logging

System logging on Linux (and Unix) is done via the syslog service. One of the strong points of this service is that it can log over a network, so you can set up a central logging server. Events from many systems are then logged in chronological order and important messages can be checked in one place instead of on each of your hosts.

Warning

The weak point of using syslog over a network is that there is no security. Your central syslog server has no way to authenticate who sent a given message. In addition, messages are sent over UDP, which means that a message can be lost. UDP further weakens security because it is an easy target for IP spoofing. On top of that, the message is transported in plain text.

Warning

In other words, your remote logging is about as secure as your network. You can trust your central syslog as far as you can trust all the users that have access to your network. If you need more security than this, you should look at alternative syslog implementations, such as syslog-ng (see http://www.balabit.hu/products/syslog-ng/ for more information).
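To make the warning concrete, here is an added example (not from the book) that decodes a BSD-syslog datagram exactly as a central server receives it over UDP port 514, and separates what the server can observe (the UDP source address) from what the sender merely claims (the hostname field). The sample datagram, the `known_hosts` map and the function names are constructed for this illustration.

```python
import re

# Facility codes 0-23 and severity codes 0-7 from the BSD syslog protocol.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Wire format of one datagram: <PRI>Mmm dd hh:mm:ss HOSTNAME message
# The timestamp carries no year and no timezone, so "chronological order" on the
# central server is only as good as the clocks (and honesty) of the senders.
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$", re.DOTALL)

def parse_syslog(datagram: bytes, source_addr: str) -> dict:
    """Decode one datagram; source_addr is the UDP peer address the kernel reported."""
    m = _LINE.match(datagram.decode("ascii", errors="replace"))
    if not m:
        raise ValueError("not a BSD syslog message")
    pri = int(m["pri"])
    if pri > 191:                      # 23 * 8 + 7 is the highest legal PRI
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "timestamp": m["timestamp"],
        "claimed_host": m["host"],     # asserted by the sender, never verified
        "source_addr": source_addr,    # observed, but UDP sources can be spoofed
        "message": m["msg"],
    }

def host_mismatch(record: dict, known_hosts: dict) -> bool:
    """True when the claimed hostname does not match the hostname expected for the
    source address (or the source is unknown). Worth alerting on, but note that a
    spoofed source address with a matching hostname passes this check unnoticed."""
    return known_hosts.get(record["source_addr"]) != record["claimed_host"]

if __name__ == "__main__":
    # Constructed sample: PRI 86 = facility 10 (authpriv) * 8 + severity 6 (info)
    sample = b"<86>Mar  9 10:45:01 webhost sshd[2103]: Accepted publickey for admin from 10.0.0.5 port 51022"
    rec = parse_syslog(sample, "192.0.2.10")
    print(rec, host_mismatch(rec, {"192.0.2.10": "webhost"}))
```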

Setting Up a syslog Server

The default configuration of the Linux system log daemon, syslogd, is secure because it does not listen on the network. To enable network listening, you have to customize your syslog init script, and syslogd must be started with the -r option.

On Debian, edit /etc/init.d/sysklogd directly and add -r to the SYSLOGD variable. On Red Hat and many other ...
