[GLLUG] Trickle logs to a DVD-R disk?

Ed Thomson ethomson at edwardthomson.com
Fri Aug 24 09:29:06 EDT 2007 

Mark-

I've never streamed logs to removable media.  Real-time streaming to  
CD/DVD or tape sounds like it might be difficult, as you'd probably  
have write buffer underruns (and probably coasters) or tape hitching,  
respectively.

You could have a cron job copy the syslogs every few minutes to a  
safe location and put them on a media that you could append to.   
Presumably this is DVDs due to their large storage capacity, you can  
keep appending logs for quite a while.  My concerns with this would  
be that one bad session could compromise your logs, and that a good  
attacker would notice this and may be able to disable it before logs  
of his activity got written.  But those are pretty minor concerns,  
this doesn't sound like a bad solution.

To offer an alternative, we use a dedicated loghost for this sort of  
thing.  We have a machine which is firewalled such that it only  
allows (authenticated, encrypted) inbound connections on the syslog  
port, and allows no outbound connections.  (We log in on the console  
only.)  We firewall it at the kernel level via iptables as well as on  
our core router.  It dumps logs to tape nightly.  We feel that this  
is appropriately secure for our needs:  it's unlikely that anybody  
could get in to the loghost, unless there's a major remote- 
exploitable vulnerability in syslog.

Cheers-

-Ed

On Aug 24, 2007, at 7:09 AM, Lachniet, Mark wrote:

> Anyone know of a good way to set up a Linux box so that you can  
> copy your logs in real-time (or near to it) to a DVD-R that is  
> inserted in the box?  I'd like to have a more permanent form of  
> logging so that if the HD dies or gets hacked, there is a backup  
> that went to the DVD burner in a more permanent form.
>
> Thanks,
>
> Mark Lachniet
> Solutions Architect - Security
> 3101 Technology Blvd. Suite A
> Lansing, MI 48910
> (517) 336-1004 (voice)
> mailto:mlachniet at analysts.com
>
> _______________________________________________
> linux-user mailing list
> linux-user at egr.msu.edu
> http://mailman.egr.msu.edu/mailman/listinfo/linux-user

More information about the linux-user mailing list