[GLLUG] Trickle logs to a DVD-R disk?

Lachniet, Mark mlachniet at analysts.com
Fri Aug 24 09:30:59 EDT 2007


Right, I do the same thing for Windows boxes and firewalls and such (Kiwi and Sawmill will go a long way) but I was hoping for something self-contained.  Thanks!
 
Mark Lachniet
Solutions Architect - Security
3101 Technology Blvd. Suite A
Lansing, MI 48910
(517) 336-1004 (voice)
mailto:mlachniet at analysts.com
  

________________________________

From: Ed Thomson [mailto:ethomson at edwardthomson.com]
Sent: Fri 8/24/2007 9:29 AM
To: Lachniet, Mark
Cc: linux-user at egr.msu.edu
Subject: Re: [GLLUG] Trickle logs to a DVD-R disk?



Mark-

I've never streamed logs to removable media.  Real-time streaming to 
CD/DVD or tape sounds like it might be difficult, as you'd probably 
have write buffer underruns (and probably coasters) or tape hitching, 
respectively.

You could have a cron job copy the syslogs every few minutes to a 
safe location and put them on a medium that you could append to.  
Presumably this is DVDs; due to their large storage capacity, you can 
keep appending logs for quite a while.  My concerns with this would 
be that one bad session could compromise your logs, and that a good 
attacker would notice this and may be able to disable it before logs 
of his activity got written.  But those are pretty minor concerns; 
this doesn't sound like a bad solution.

To offer an alternative, we use a dedicated loghost for this sort of 
thing.  We have a machine which is firewalled such that it only 
allows (authenticated, encrypted) inbound connections on the syslog 
port, and allows no outbound connections.  (We log in on the console 
only.)  We firewall it at the kernel level via iptables as well as on 
our core router.  It dumps logs to tape nightly.  We feel that this 
is appropriately secure for our needs:  it's unlikely that anybody 
could get into the loghost, unless there's a major 
remote-exploitable vulnerability in syslog.

Cheers-

-Ed

On Aug 24, 2007, at 7:09 AM, Lachniet, Mark wrote:

> Anyone know of a good way to set up a Linux box so that you can 
> copy your logs in real-time (or near to it) to a DVD-R that is 
> inserted in the box?  I'd like to have a more permanent form of 
> logging so that if the HD dies or gets hacked, there is a backup 
> that went to the DVD burner in a more permanent form.
>
> Thanks,
>
> Mark Lachniet
> Solutions Architect - Security
> 3101 Technology Blvd. Suite A
> Lansing, MI 48910
> (517) 336-1004 (voice)
> mailto:mlachniet at analysts.com
>
> _______________________________________________
> linux-user mailing list
> linux-user at egr.msu.edu
> http://mailman.egr.msu.edu/mailman/listinfo/linux-user
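
The cron-based approach described in Ed's reply, as an added example that is not part of the original thread or either poster's setup: one shell function stages only the bytes a log has gained since the last run, and a second appends the staged chunks to the disc with growisofs (dvd+rw-tools). The directory layout, file names and the /dev/dvd device node are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): stage only the bytes a log has gained
# since the last cron run, one immutable chunk per run, ready for a DVD session.
# All paths, file names and the device node are assumptions.

# stage_chunk LOG STATE_DIR PENDING_DIR
# Prints the chunk path, or nothing when the log has not grown.
stage_chunk() {
    log=$1; state=$2; pending=$3
    mkdir -p "$state" "$pending" || return 1
    name=$(basename "$log")
    off_file="$state/$name.offset"
    last=0
    if [ -f "$off_file" ]; then last=$(cat "$off_file"); fi
    size=$(wc -c < "$log" | tr -d ' ') || return 1
    # A smaller file means the log was rotated or truncated: start over at 0.
    if [ "$size" -lt "$last" ]; then last=0; fi
    if [ "$size" -eq "$last" ]; then return 0; fi
    # The UTC timestamp and byte range in the name keep chunks unique and ordered.
    chunk="$pending/$name.$(date -u +%Y%m%dT%H%M%SZ).$last-$size"
    # Copy exactly bytes last+1..size; lines written during the copy wait
    # for the next run, so chunks never overlap.
    tail -c +"$((last + 1))" "$log" | head -c "$((size - last))" > "$chunk" || return 1
    # Checksum stored beside the chunk so the burned copy can be verified later.
    (cd "$pending" && sha256sum "$(basename "$chunk")" > "$(basename "$chunk").sha256") || return 1
    # Advance the offset only after the chunk and its checksum exist.
    echo "$size" > "$off_file"
    echo "$chunk"
}

# burn_pending PENDING_DIR BURNED_DIR [DEVICE]
# Appends the pending chunks as a new session with growisofs.
# The very first session on a blank disc needs -Z instead of -M.
burn_pending() {
    pending=$1; burned=$2; dev=${3:-/dev/dvd}
    [ -n "$(ls -A "$pending" 2>/dev/null)" ] || return 0
    growisofs -M "$dev" -R -J "$pending" || return 1
    # Keep local copies until the disc has been checked; a failed session
    # then costs one re-burn, not the logs.
    mkdir -p "$burned" && mv "$pending"/* "$burned"/
}
```

A cron entry would source this file, call stage_chunk for each log every few minutes, and call burn_pending less often.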


