 From:  Chet Harvey <chet at pittech dot com>
 To:  Braden McGrath <braden at mcmail dot homeip dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Download the log files on m0n0 system (exec.php)
 Date:  Tue, 1 Mar 2005 09:10:10 -0500
I would still use a remote syslog for any number of reasons but I will list just
a few:

1) historical data - you can certainly store more log data on a syslog server
than what you could in RAM. One good ping sweep by an attacker and your log has
rotated.

2) analyze data - depending on what you decide to log, you could run some log
analyzer on the log data to present some very detailed reports on what has been
happening on your network.

3) ease of log data use - personally I don't have the time to "log" into my m0n0
to manually look at the messages store. That's what I use cron for on a remote
syslog =)


Chet Harvey
Pitbull Technologies <http://www.pittech.com/> 
Protecting your Digital Assets
703.407.7311


Quoting Braden McGrath <braden at mcmail dot homeip dot net>:

> Well, it stores them to the ramdisk...  you'd have to hack the setup to
> get it to log to the boot disk (or an alternate partition/slice,
> preferably).
> 
> > -----Original Message-----
> > From: John [mailto:naverxp at yahoo dot com dot sg] 
> > Sent: Sunday, February 27, 2005 5:58 PM
> > To: waa dash m0n0wall at revpol dot com
> > Cc: m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] Download the log files on m0n0 system 
> > (exec.php)
> > 
> > Certainly agreeable. However, m0n0 must be storing the logs
> > somewhere before it is readable on System Log's page? And
> > since I'm running m0n0wall on a big capacity hard disk it
> > wouldn't be wise to move my syslogging to a remote server.
> > 
> > 
> > 
> > > I would recommend that you set up a remote syslog server. That way all
> > > of m0n0wall's entries would always be on another server. Makes the
> > > m0n0wall log entries very easy to search/archive/etc.
> > 
> > 
> > 
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > 
> > 
> 