Continuing on the cleaning up my home network (aka Dummy!) theme, I decided to turn on remote syslog from one of my routers. We use syslog-ng on a lot of our boxes at work, but I've never actually configured it on any of my Debian/Ubuntu boxes at home. How hard could it be? (HINT: A hell of a lot easier than on *BSD or *&$%*! Solaris)
1) Install the package
apt-get install syslog-ng
This removes the default syslogd and creates a nice config file in /etc/syslog-ng/syslog-ng.conf that mirrors (I think) your old syslog.conf
2) Enable remote UDP syslog:
Uncomment the udp() line in the s_all source. Note that a bare udp() listens on port 514 on every interface, and syslog over UDP is neither authenticated nor encrypted, so at minimum bind it to the LAN-facing address with ip() and firewall port 514 from everything except the router.
3) Add a destination
destination my_cisco { file ("/var/log/851.log"); };
4) Add the filter to grab stuff from my router
filter f_my_cisco { host("192.168.169.1"); };
One caveat: host() matches the HOST field of the stored message. With the default keep_hostname(no) that field is derived from the sender's address (the reverse-DNS name if use_dns is on, otherwise the IP), but with keep_hostname(yes) it is whatever the sender wrote into the header. To match on the source address of the datagram regardless of those options, use netmask("192.168.169.1/32") instead.
5) Put them all together at the end of the file:
log {
source(s_all);
filter(f_my_cisco);
destination(my_cisco);
};
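Putting steps 2 through 5 together, here is a complete version of the relevant part of syslog-ng.conf. This is an added example, not the config from the original post; it assumes the syslog-ng host's LAN address is 192.168.169.2 (an assumption) and tightens the setup in the ways discussed above: the UDP listener is bound to that one address, the filter matches the sender's IP with netmask() rather than the hostname field, the router log is readable only by root and the adm group, and flags(final) keeps the router's messages out of the catch-all log paths further down the file.

```conf
# Global options (added example, not the stock Debian file). If your config
# already has an options {} block, merge these settings into it.
options {
    use_dns(no);          # no reverse lookup per datagram; HOST becomes the IP
    keep_hostname(no);    # replace the header hostname with the sender's address
};

# Local messages, as in the stock config.
source s_local {
    internal();
    unix-stream("/dev/log");
};

# Remote UDP syslog. A bare udp() listens on 0.0.0.0:514; bind it to the
# LAN-facing address instead (192.168.169.2 is an assumed address) and
# firewall port 514 so only the router can reach it.
source s_net {
    udp(ip("192.168.169.2") port(514));
};

# Match on the source IP of the datagram, not on the hostname field the
# sender writes into the message header.
filter f_my_cisco { netmask("192.168.169.1/32"); };

# Router log, not world-readable.
destination my_cisco {
    file("/var/log/851.log" owner(root) group(adm) perm(0640));
};

# Only the network source feeds this path. flags(final) stops a matched
# message from also being processed by any later log statements that
# include s_net.
log {
    source(s_net);
    filter(f_my_cisco);
    destination(my_cisco);
    flags(final);
};
```

Check the file with `syslog-ng -s` (syntax check only) before restarting the daemon, then confirm with `netstat -ulnp` that the listener is bound to 192.168.169.2:514 and not 0.0.0.0:514.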
Oh, if you are wondering about the SCADA/Dummy in the title: it refers to a thread on Server Monitoring on the SCADA Mailing list and the frequent tendency for control system folks to do a "default deny" and reject mature technologies (firewall, AV, IDS) or practices (patching security vulnerabilities or public disclosure of vulns by CERT/CC) as "office" or "IT" and therefore completely inappropriate for consideration in control system devices, applications, servers, networks, etc. Or perhaps it is just the light, or lack thereof, this far North.
2 comments:
For all the people at Suncor/Syncrude/etc. in Ft. Mac and here in the 'chuck... you might not be far off with the SAD thing.
Jason,
Sunlight is a powerful thing! Hey, very cool blog!
And somebody actually got PDB working, cool!