Bugtraq mailing list archives
syslog idea
From: hobbit () bronze lcs mit edu (*Hobbit*)
Date: Thu, 6 Oct 1994 22:22:04 -0400
People often mention the D-O-S attack possible even if you have a secure logging host, that being send it gigabytes of trash. If you don't have a secure logging host, there's also a possibility of someone breaking in and then trashing the logfile to hide their tracks.

This brought to mind the idea of a "syslog monitor", or a process that would just hang out someplace and stat the various log files periodically, using some mechanism to warn of excessive size, mysterious shrinkage, and maybe some other warning signs. There are a lot of potential problems to be considered, especially if the monitor is running on the same machine that just got cracked, but would such a thing be useful? It could even be built into syslog itself, starting with, oh, the fwtk version or something.

_H*
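A minimal sketch of the monitor proposed in the message above, added here as an example and not code from the original post: it stats each log file on an interval and warns on excessive size, a flood of new data, shrinkage, replacement, or disappearance. The names (`Snap`, `snapshot`, `compare`, `watch`), the warning labels and the default thresholds are assumptions.

```python
import os
import sys
import time
from typing import NamedTuple, Optional

class Snap(NamedTuple):
    size: int
    inode: int

def snapshot(path: str) -> Optional[Snap]:
    """stat() one log file; None means it does not exist."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    return Snap(st.st_size, st.st_ino)

def compare(prev: Optional[Snap], cur: Optional[Snap],
            max_size: int, max_growth: int) -> list:
    """Return warning labels for one poll interval (thresholds are assumed)."""
    if cur is None:
        return ["missing"] if prev is not None else []
    warnings = []
    if cur.size > max_size:
        warnings.append("oversize")   # disk-filling flood has already landed
    if prev is None:
        return warnings
    if cur.inode != prev.inode:
        # Legitimate rotation looks the same; check against the rotation schedule.
        warnings.append("replaced")
    elif cur.size < prev.size:
        # Same inode, fewer bytes: truncated or rewritten in place.
        warnings.append("shrunk")
    elif cur.size - prev.size > max_growth:
        warnings.append("flood")      # too many bytes since the last poll
    return warnings

def watch(paths, interval=60, max_size=1 << 30, max_growth=50 << 20):
    """Poll forever, printing warnings to stderr."""
    last = {p: snapshot(p) for p in paths}
    while True:
        time.sleep(interval)
        for p in paths:
            cur = snapshot(p)
            for w in compare(last[p], cur, max_size, max_growth):
                print(f"{time.ctime()} {p}: {w}", file=sys.stderr)
            last[p] = cur

if __name__ == "__main__":
    watch(sys.argv[1:])
```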