RE: [m0n0wall] syslog doesn't accept dyndns adresses

From:	"Egbert Jan" <egbert at vandenbussche dot nl>
To:	"'Anderes'" <anderes at buerotiger dot de>
Cc:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	RE: [m0n0wall] syslog doesn't accept dyndns adresses
Date:	Fri, 14 May 2010 20:54:18 +0200
Hi Michael, is the adres of the syslog server really changing very often?
Maybe you could do with an IP address aftr all. Many providers don't
guarantee a fixed address but in fact it IS always the same. 

Monowall probably has a (ring)buffer for log messages but I'm not aware of
the size of the buffer, if any. Polling the client for their logbuffer does
not seem to be a very reliable job to me either.

Could you setup VPN connections to the devices? It would solve the
info-leaking and the server seems local to the clients. Please don't ask me
how to do it, the idea just came to mind... Also remember that the syslog
messages are udp. No control, no handshaking. So no guarantees that they
ever arrive at all...

Egbert Jan

> -----Oorspronkelijk bericht-----
> Van: Anderes [mailto:anderes at buerotiger dot de] 
> Verzonden: vrijdag 14 mei 2010 18:53
> Aan: 'Egbert Jan'
> Onderwerp: AW: [m0n0wall] syslog doesn't accept dyndns adresses
> 
> 
> Hi Egbert Jan,
> 
> yes... my syslog server is "somewhere" in the internet. Since 
> I have three m0n0walls running, I want them to send all their 
> logs to one syslog server. You are totally right with your 
> concerns. Do you have another idea? Are the logs saved on the 
> m0n0wall PC?
> 
> 
> Thanks and ciao,
> Michael
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: Egbert Jan [mailto:egbert at vandenbussche dot nl] 
> Gesendet: Freitag, 14. Mai 2010 09:18
> An: 'Anderes'; m0n0wall at lists dot m0n0 dot ch
> Betreff: RE: [m0n0wall] syslog doesn't accept dyndns adresses
> 
> > -----Oorspronkelijk bericht-----
> > Van: Anderes [mailto:anderes at buerotiger dot de]
> > Verzonden: vrijdag 14 mei 2010 1:01
> > Aan: m0n0wall at lists dot m0n0 dot ch
> > Onderwerp: [m0n0wall] syslog doesn't accept dyndns adresses
> > 
> > 
> > Hello,
> > can please someone explain me how to configure the syslog
> > functionality at m0n0wall. My problem:
> > 
> > m0n0wall needs an IP address for the remote syslog server.
> > Since my remote syslog server is behind a router I configured 
> > dyndns for the router, but for sending the syslog messages 
> > m0n0wall doesn't accept a dyndns address. Only IP addresses 
> > as mentioned.
> > 
> > Many thanks in advance,
> > 
> > Michael
> 
> Dunno if I understand you correctly, Micheal. From a first 
> glance I would say that you just need a static route in your 
> Monowall telling it where to route the syslog packets. This 
> would be the ip adress of the router side where your monowall 
> is connected. 
> 
> If you are talking about a syslog server sitting elsewhere 
> over internet behinda  router that has a DynDNS address, we 
> talking a different story. Personally I would NEVER do that 
> unencrypted because syslog info may carry 'interesting' debug info.
> 
> Egbert Jan (NL)
>  
> 
>