LinuxQuestions.org
Old 02-14-2004, 07:08 AM   #1
darklogik_org
Member
 
Registered: Jan 2004
Distribution: freebsd 5.3, openbsd 3.6, slackware 10
Posts: 96

Rep: Reputation: 15
A journey of frustration, secure logging. [rant]


Secure logging.

Logging from ONE MACHINE, through ONE SWITCH back up a CABLE TO ANOTHER MACHINE PHYSICALLY SITUATED RIGHT NEXT TO THE OTHER.

Simple?

PROVE IT.

I have spent six weeks now, just trying to do remote logging in real-time but NOT IN CLEARTEXT.

This cannot be done.

I have tried:

1. Stunnel. Could not encrypt UDP so...
2. Syslog-ng. Would not compile, any questions answered with blissful silence.
3. SSH and Netcat. Did not work, absolutely nothing happened, and I know how to use both programs.
4. IPSec. Tried FreeSwan, Super FreeSwan and OpenSwan. Have now compiled a record of two kernels a DAY on TWO machines, tried every configuration under the sun. Come to the conclusion that everyone else on the openswan mailing list finds it way too difficult to configure.

Anything else I have missed? I WILL not send my logs in cleartext over my network, so this means I will not send my logs anywhere. I wouldn't be so furious if I was using some obscure broken Linux but I am using a relatively clean Slackware 9.1 install with a 2.6.1 kernel.

mark
 
Old 02-14-2004, 03:16 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Well you already tried the two things I was going to recommend (syslog-ng and use TCP so you could tunnel it with stunnel or SSH), and IPSec tunnel between the machines. I'm not aware of any other way that it's possible to do it in real-time and encrypted.

Obviously, a lot of people have successfully set up syslog-ng and IPSec, so is it possible that there are "issues" with your distro, or that you just did not follow instructions correctly?
 
Old 02-14-2004, 03:57 PM   #3
darklogik_org
Member
 
Registered: Jan 2004
Distribution: freebsd 5.3, openbsd 3.6, slackware 10
Posts: 96

Original Poster
Rep: Reputation: 15
That's what frustrates me. I'm not blindly angry like I was earlier.

When I have a program I've never used before, I follow the documentation to the letter. The results of my application therefore rely entirely on the documentation.

I know that there's nothing wrong with my distro, as it was a minimal install of Slackware and I am meticulous (read obsessive) about keeping my machines in 100% working order.

I remember actually, I DID get syslog-ng to compile, but couldn't find any documentation that didn't assume you already knew everything about the program and had been using it for several years. All I want is to duplicate exactly my standard syslog setup, nothing more, (except I want it TCP instead of UDP).

According to the mailing list, Google and other Linux forums (I believe I'd given up before I asked here), nobody in the world knows how to use this program. I find this very hard to believe.

Passed the day with some therapeutic noise-core.

mark
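
The setup this thread circles around (syslog-ng sending over TCP, with stunnel wrapping the connection) sketched as configuration; this is an added example, not something posted by anyone in the thread. The host name `loghost.example`, ports 5140/5141 and every file path are assumptions.

```conf
# ---- client: syslog-ng.conf ----
# Local messages only; a kernel-log source is left out of this sketch.
source s_local { unix-stream("/dev/log"); internal(); };
# Send to the local stunnel listener, never straight onto the wire.
destination d_tunnel { tcp("127.0.0.1" port(5140)); };
log { source(s_local); destination(d_tunnel); };

# ---- client: stunnel.conf ----
client = yes
# Trust only the log host's certificate (path is an assumption).
CAfile = /etc/stunnel/loghost-cert.pem
verify = 2
[syslog]
accept  = 127.0.0.1:5140
connect = loghost.example:5141

# ---- log host: stunnel.conf ----
# Certificate and private key in one PEM file (path is an assumption).
cert = /etc/stunnel/loghost.pem
[syslog]
accept  = 5141
connect = 127.0.0.1:5140

# ---- log host: syslog-ng.conf ----
# Every connection arrives from stunnel on 127.0.0.1, so keep the host
# name the client wrote into the message instead of the peer address.
options { keep_hostname(yes); };
# Bind to loopback so nothing can bypass the TLS listener.
source s_tunnel { tcp(ip("127.0.0.1") port(5140) max-connections(10)); };
destination d_hosts {
    file("/var/log/hosts/$HOST/messages" create_dirs(yes));
};
log { source(s_tunnel); destination(d_hosts); };
```

With `keep_hostname(yes)` the log host trusts the host name inside each message, so restrict who can reach port 5141, for example by requiring client certificates in stunnel.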
 
All times are GMT -5. The time now is 04:56 PM.