LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   Will the BFD or any brute force detector work if I am logging to a remote syslog serv (http://www.linuxquestions.org/questions/linux-software-2/will-the-bfd-or-any-brute-force-detector-work-if-i-am-logging-to-a-remote-syslog-serv-646226/)

abefroman 06-01-2008 11:25 AM

Will the BFD or any brute force detector work if I am logging to a remote syslog serv
 
Will the BFD or any brute force detector work if I am logging to a remote syslog server?

BFD is here:
http://rfxnetworks.com/bfd.php
and it will automatically block and IP with the APF firewall, after 6 login failures.

APF is here:
http://rfxnetworks.com/apf.php

Will that or any other brute force detectors work if I have it syslogd logging to a remote server?

In the conf.bfd file, it specifies the local server path to message and secure, and if I have the server logging to a remote server I don't believe any messages go there:
# Do kernel logging
USE_KLOG="1"
#
# System kernel log
KLOG="/var/log/messages"
#
# System secure log
SLOG="/var/log/secure"

Is there any to get brute force blocking and remote server logging?

acid_kewpie 06-02-2008 03:50 AM

not sure what the question is... syslog has nothing to do with logging in to systems, so wouldn't cause any conflict there.

unSpawn 06-02-2008 05:08 AM

Quote:

Originally Posted by abefroman (Post 3171196)
if I have the server logging to a remote server I don't believe any messages go there

If you verified BFD logs to syslog locally, then are there any facility.priority pairs syslog.conf or equiv does not forward to remote?


All times are GMT -5. The time now is 11:14 AM.