LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
LinkBack Search this Thread
Old 06-01-2008, 11:25 AM   #1
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Rep: Reputation: 53
Will the BFD or any brute force detector work if I am logging to a remote syslog serv


Will the BFD or any brute force detector work if I am logging to a remote syslog server?

BFD is here:
http://rfxnetworks.com/bfd.php
and it will automatically block and IP with the APF firewall, after 6 login failures.

APF is here:
http://rfxnetworks.com/apf.php

Will that or any other brute force detectors work if I have it syslogd logging to a remote server?

In the conf.bfd file, it specifies the local server path to message and secure, and if I have the server logging to a remote server I don't believe any messages go there:
# Do kernel logging
USE_KLOG="1"
#
# System kernel log
KLOG="/var/log/messages"
#
# System secure log
SLOG="/var/log/secure"

Is there any to get brute force blocking and remote server logging?
 
Old 06-02-2008, 03:50 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945
not sure what the question is... syslog has nothing to do with logging in to systems, so wouldn't cause any conflict there.
 
Old 06-02-2008, 05:08 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,521
Blog Entries: 51

Rep: Reputation: 2600Reputation: 2600Reputation: 2600Reputation: 2600Reputation: 2600Reputation: 2600Reputation: 2600Reputation: 2600Reputation: 2600Reputation: 2600Reputation: 2600
Quote:
Originally Posted by abefroman View Post
if I have the server logging to a remote server I don't believe any messages go there
If you verified BFD logs to syslog locally, then are there any facility.priority pairs syslog.conf or equiv does not forward to remote?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[syslog-ng] logging remote server by IP address noir911 Linux - Server 3 02-12-2008 03:25 AM
ssh brute force, how do they work? galle Linux - Security 3 03-10-2006 06:58 AM
Pix logging on syslog... logrotate does not work logicalfuzz Linux - Software 0 03-06-2006 12:04 AM
logging to a remote syslog server is dropping packets draeician73 Linux - Security 1 10-20-2004 06:19 PM
SYSLOG - logging to Remote Host dvong3 Linux - Networking 4 09-24-2002 07:14 AM


All times are GMT -5. The time now is 11:18 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration