Firewalls: Syslog

Firewalls
(October 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Syslog
From:	jimc @ e-Commerce . Com (Jim Carroll)
Date:	Fri, 7 Oct 94 09:06:36 EDT
To:	smartin @ fujitsu . ca (Stephen Martin)
Cc:	firewalls @ greatcircle . com
In-reply-to:	<9410071232 . AA17571 @ falcon>
References:	<9410071232 . AA17571 @ falcon>
Reply-to:	jimc @ e-Commerce . Com

Stephen Martin writes:
> >From listening to the thread do far, it seems that the main threat to syslog
> is through the denial of service caused by filling up the loghosts disk. It 
> might therefore be a good idea to have /var/log or where ever you want the
> logging to go, be a separate partition so that your loghost can not be screwed
> up by filling up it's root partition.

Agreed.  Then, although not perfect, it would seem that the best way
to prevent this is to assign a Really Big Disk to the partition that
syslogd writes to.

I kinda like the printing option, but I would imagine that you'd have
to have a Really Fast Printer with Lots Of Paper (and maybe a Really
Big Buffer :) in order to avoid the denial of service attack.

-- 
Jim Carroll --  jimc @
 e-Commerce .
 Com
e-Commerce, Inc., 1030 Kamato Road, Suite 201
Mississauga, Ontario, Canada    L4W 4B6
Tel:  +1 905 602 0863    Fax:  +1 905 602 8402

References:

Syslog
From: smartin @ fujitsu . ca (Stephen Martin)

Indexed By Date	Previous:	IP filtering on Solaris From: chris . winters @ amail . amdahl . com
Indexed By Date	Next:	Re: syslogd risk From: Ken Hardy <ken @ bridge . com>
Indexed By Thread	Previous:	Syslog From: smartin @ fujitsu . ca (Stephen Martin)
Indexed By Thread	Next:	Re: Syslog From: z056716 @ uprc . com (LaCoursiere J. D. (Jeff))