 From:  John <naverxp at yahoo dot com dot sg>
 To:  Chet Harvey <chet at pittech dot com>
 Cc:  Braden McGrath <braden at mcmail dot homeip dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Download the log files on m0n0 system (exec.php)
 Date:  Wed, 02 Mar 2005 01:46:28 +0800
Thanks guys!

>I would still use a remote syslog for any number of reasons but I will list just
>a few:
>
>1) historical data - you can certainly store more log data on a syslog server
>than what you could in ram. One good ping sweep by an attacker and your log has
>rotated.
>
>2) analyze data - depending on what you decide to log, you could run some log
>analyzer on the log data to present some very detailed reports on what has been
>happening on your network.
>
>3) ease of log data use - personally I don't have the time to "log" into my m0n0
>to manually look at the messages store. That's what I use cron for on a remote
>syslog =)
>
>
>Chet Harvey
>Pitbull Technologies <http://www.pittech.com/> 
>Protecting your Digital Assets
>703.407.7311
>
>
>Quoting Braden McGrath <braden at mcmail dot homeip dot net>:
>
>>Well, it stores them to the ramdisk...  you'd have to hack the setup to
>>get it to log to the boot disk (or an alternate partition/slice,
>>preferably).
>>
>>>-----Original Message-----
>>>From: John [mailto:naverxp at yahoo dot com dot sg] 
>>>Sent: Sunday, February 27, 2005 5:58 PM
>>>To: waa dash m0n0wall at revpol dot com
>>>Cc: m0n0wall at lists dot m0n0 dot ch
>>>Subject: Re: [m0n0wall] Download the log files on m0n0 system 
>>>(exec.php)
>>>
>>>Certainly agreeable. However, m0n0 must be storing the logs
>>>somewhere before it is readable on System Log's page? And
>>>since I'm running m0n0wall on a big capacity harddisk it
>>>wouldn't be wise to move my syslogging to a remote server.
>>>
>>>>I would recommend that you set up a remote syslog server. That way all
>>>>of m0n0wall's entries would always be on another server. Makes the
>>>>m0n0wall log entries very easy to search/archive/etc.