Dear Group,
I'm currently logging syslog messages from several boxes to my admin machine
(using the loghost directive in /etc/hosts).
What would be the easiest way of securing the information against
eavesdropping? I don't trust the network, and would sooner not have every
error message being subject to snoop.
I figured tunnelling through SSH would be the way to go, but I've no idea
where to start.
Could someone point me in the right direction, or better yet provide a
solution (bearing in mind I'm still finding my Unix legs)...
Many thanks,
Gareth Crispin
DCS Engineer
Gareth, 9/4/2003 4:52:22 AM
Gareth Crispin wrote:
> Dear Group,
>
> I'm currently logging syslog messages from several boxes to my admin
> machine (using the loghost directive in /etc/hosts).
>
> What would be the easiest way of securing the information against
> eavesdropping? I don't trust the network, and would sooner not have every
> error message being subject to snoop.
>
> I figured tunnelling through SSH would be the way to go, but I've no idea
> where to start.
>
For stuff Sun documentation is not likely to cover, I generally find that
Google is a good place to start. Searching the web or the groups often finds
answers or ideas that work well.
> Could someone point me in the right direction, or better yet provide a
> solution (bearing in mind I'm still finding my Unix legs)...
>
> Many thanks,
>
> Gareth Crispin
> DCS Engineer
If you want to use ssh, you may try adapting this:
http://www.frozenblue.net/tools/howtos/?v=ssh-tunnel
You can find the port for syslog in /etc/services. You can also search for
how to set this up with ssh passwordless login but you will need to
understand the risks in doing so.
Of course, the link above was just the first link I found in a Google
search. You may be able to find others.
mjt, 9/4/2003 5:56:00 AM
In article <bj6gf0$fhj$1@news8.svr.pol.co.uk>,
"Gareth Crispin" <askme@please.com> writes:
> Dear Group,
>
> I'm currently logging syslog messages from several boxes to my admin machine
> (using the loghost directive in /etc/hosts).
>
> What would be the easiest way of securing the information against
> eavesdropping? I don't trust the network, and would sooner not have every
> error message being subject to snoop.
Create an IPsec tunnel between the machines, and direct the syslog
messages to the tunnel. (Could use the tunnel for all traffic between
the machines.)
--
Andrew Gabriel
Consultant Software Engineer
andrew, 9/4/2003 9:25:28 AM
On Thu, 4 Sep 2003 05:52:22 +0100, "Gareth Crispin" <askme@please.com>
wrote:
>Dear Group,
>
>I'm currently logging syslog messages from several boxes to my admin machine
>(using the loghost directive in /etc/hosts).
>
>What would be the easiest way of securing the information against
>eavesdropping? I don't trust the network, and would sooner not have every
>error message being subject to snoop.
>
>I figured tunnelling through SSH would be the way to go, but I've no idea
>where to start.
>
>Could someone point me in the right direction, or better yet provide a
>solution (bearing in mind I'm still finding my Unix legs)...
>
>Many thanks,
>
>Gareth Crispin
>DCS Engineer
>
There is also a recent article in sysadmin mag about replacing the UDP
syslog with a TCP/IP based encrypted perl-message-thingy. It could
give you some ideas.
Unifying Web Clusters with Spread
http://www.samag.com/documents/s=7789/sam0302a/0302a.htm
Oh wait, somebody went and did all the work for you:
Remote System Logs via SSH
http://www.samag.com/documents/s=1149/sam0106s/0106s.htm
BTW, I don't think your syslog is interesting enough to snoop.
I'd much rather read your email.
CA
Captain, 9/5/2003 8:33:58 AM
Hello Gareth,
On Thu, 4 Sep 2003 05:52:22 +0100
"Gareth Crispin" <askme@please.com> wrote:
> Could someone point me in the right direction, or better yet provide a
> solution (bearing in mind I'm still finding my Unix legs)...
I'm using tunneling with zebedee (blowfish encryption), which uses
some kind of public/private-key authentication for using the tunnel.
Stunnel for X.509 certificates should also work fine. You can use your
old-style syslog with UDP tunneling (but not with stunnel!). But I
recommend the better way of using syslog-ng and syslog-over-tcp. There
are some websites out there providing detailed information on how to use
these tools. Works fine with more than 40 servers here.
> Many thanks,
> Gareth Crispin
> DCS Engineer
cu
Dave
--
Against TCPA - nothing fights like the opposition
http://www.againsttcpa.com
David, 9/5/2003 9:29:23 AM
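The stunnel plus syslog-over-TCP setup recommended in the post above, as an added example that is not part of the original thread: two shell functions that write the stunnel and syslog-ng fragments for a sending host and for the log host. stunnel carries TCP only, which is why the sender uses a syslog-ng `tcp()` destination; the host name, ports, certificate paths and output file names are assumptions, and each `.pem` file is assumed to hold both certificate and key.

```shell
#!/bin/sh
# Added example: names, ports and file paths below are assumptions.
LOGHOST=loghost.example.net  # hypothetical collector name
TLS_PORT=6514                # TLS listener on the untrusted network
LOCAL_PORT=5140              # plaintext, loopback only

gen_client() {  # $1 = output directory, run for each sending host
  cat > "$1/stunnel-client.conf" <<EOF
client = yes
cert = /etc/stunnel/client.pem
CAfile = /etc/stunnel/ca.pem
verify = 2
[syslog]
accept = 127.0.0.1:$LOCAL_PORT
connect = $LOGHOST:$TLS_PORT
EOF
  # sun-streams() is the Solaris local source; other systems use unix-stream().
  cat > "$1/syslog-ng-client.conf" <<EOF
source s_local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); };
destination d_tunnel { tcp("127.0.0.1" port($LOCAL_PORT)); };
log { source(s_local); destination(d_tunnel); };
EOF
}

gen_server() {  # $1 = output directory, run for the log host
  # verify = 2 with CAfile makes the collector reject senders without a
  # certificate signed by the CA.
  cat > "$1/stunnel-server.conf" <<EOF
cert = /etc/stunnel/loghost.pem
CAfile = /etc/stunnel/ca.pem
verify = 2
[syslog]
accept = $TLS_PORT
connect = 127.0.0.1:$LOCAL_PORT
EOF
  # Every tunnelled connection arrives from 127.0.0.1, so keep the hostname
  # carried in each message instead of deriving it from the peer address.
  cat > "$1/syslog-ng-server.conf" <<EOF
options { keep_hostname(yes); };
source s_tunnel { tcp(ip("127.0.0.1") port($LOCAL_PORT)); };
destination d_hosts { file("/var/log/hosts/\$HOST/messages" create_dirs(yes)); };
log { source(s_tunnel); destination(d_hosts); };
EOF
}
```

Call `gen_client DIR` and `gen_server DIR`, review the generated files, then install each one where your stunnel and syslog-ng builds expect their configuration.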
"Gareth Crispin" <askme@please.com> writes:
>I'm currently logging syslog messages from several boxes to my admin machine
>(using the loghost directive in /etc/hosts).
>What would be the easiest way of securing the information against
>eavesdropping? I don't trust the network, and would sooner not have every
>error message being subject to snoop.
What about using ipsec if only specifically for syslog messages?
All standard with Solaris 9.
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
Casper, 9/5/2003 10:12:55 AM
On Thu, 4 Sep 2003 05:52:22 +0100 "Gareth Crispin" <askme@please.com> wrote:
> Dear Group,
>
> I'm currently logging syslog messages from several boxes to my admin machine
> (using the loghost directive in /etc/hosts).
>
> What would be the easiest way of securing the information against
> eavesdropping? I don't trust the network, and would sooner not have every
> error message being subject to snoop.
I would go with IPSec.
/fc
Frank, 9/5/2003 11:39:39 PM