Hardening syslog-ng
I am running syslog-ng as my logging utility on Gentoo and was reading up on how the utility works; it provides a UDP port for remote logging. I am running the system on a laptop that is not part of any network or acting as a server.
My question is this: would it be okay just to disable this in /etc/services, or do some local programs need this service up to perform logging correctly? Also, as an aside, how would I write to the messages file via syslog-ng from the command line (e.g. within a bash script)?
by default syslog-ng normally only listens locally, on 127.0.0.1. you can check the syslog-ng.conf file yourself to see which networks are being listened to.
Quote:
It is part of the 'util-linux' package so should already be installed on a Gentoo system.
Thanks Bulliver for the info on logging; this helps a lot!
Acid Kewpie, thanks for the information regarding networking port access on the syslog-ng utility. I tried checking out syslog-ng.conf but couldn't find any information related to network configuration (besides chain_hostnames). I checked out syslog-ng's website and, looking at the sample config code, it seems that Gentoo automatically loads the ebuild with network logging disabled.
Code:
options {
yes, in fact while i'm not using gentoo on my work systems, it's their really great documentation that got it set up. gentoo might be run by a bunch of backstabbing hippies, but they do write *very* good documentation.
Is there nothing like this?:
Code:
source s_external {
Correct, there is no statement in the config file as mentioned above. What I pasted into my last reply is the entire configuration file.
having something like syslog listening for external ip connections by default makes no sense whatsoever. it's just another security hole if that's the case, as 99.9%+ syslog instances in the world are only for the local host.
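
Added example, not part of any post in this thread: a shell function that does the syslog-ng.conf check discussed above mechanically, listing every network driver declared inside a source statement and the address it binds to. The sample configuration is constructed for illustration, and the parser assumes one driver per line.

```shell
#!/bin/sh
# Added example (not from the thread): report network listeners declared in
# source statements of a syslog-ng configuration file.

# Constructed sample config: one local-only source, one network source.
sample_conf() {
    cat <<'EOF'
options { chain_hostnames(no); };
source s_local { unix-stream("/dev/log"); internal(); };
source s_external {
    udp(ip(0.0.0.0) port(514));   # reachable from the network
};
destination d_remote { udp("192.0.2.10" port(514)); };  # sender, not a listener
EOF
}

# audit_sources FILE   (use - for stdin)
# Prints "<source> <driver> <bind>" for each network driver in a source block.
# Exit status is 1 if any listener is bound to something other than loopback.
audit_sources() {
    awk '
    { sub(/#.*/, "") }                          # drop comments
    depth == 0 && $1 == "source" {              # start of: source NAME {
        name = $2; sub(/[{].*/, "", name)
        in_src = 1
    }
    in_src && match($0, /(udp6|tcp6|udp|tcp|network|syslog)[ \t]*[(]/) {
        drv = substr($0, RSTART, RLENGTH); sub(/[ \t]*[(]$/, "", drv)
        args = substr($0, RSTART + RLENGTH)
        bind = "ALL-INTERFACES"                 # no ip() option on the driver
        if (match(args, /ip[ \t]*[(][^)]*[)]/)) {
            bind = substr(args, RSTART, RLENGTH)
            sub(/^ip[ \t]*[(][ \t"]*/, "", bind); sub(/[ \t"]*[)]$/, "", bind)
        }
        print name, drv, bind
        if (bind != "127.0.0.1" && bind != "::1" && bind != "localhost") bad = 1
    }
    {   # track brace depth so destination/filter blocks are never scanned
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth == 0) in_src = 0
    }
    END { exit bad + 0 }
    ' "$1"
}

# Demo on the constructed sample; point it at /etc/syslog-ng/syslog-ng.conf instead.
sample_conf | audit_sources - || echo "non-loopback listener declared"
```

No output and exit status 0 means the file declares no network source at all, which is the situation the poster describes for the stock Gentoo configuration.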