Bsdtalk

bsdtalk138 - Central Syslog

Information:

Synopsis

News: DesktopBSD 1.6 and FreeBSD 6.3 released.

Setting up a central syslog server.

If you are concerned about the security of your logs, use a dedicated machine and lock it down.
Keep clocks in sync.
You may need to change the log rotation schedule in /etc/newsyslog.conf. You can rotate based on size and/or time. This can be as much a policy decision as a hardware decision.
On the central log host, change the syslogd flags to listen to the network. Each BSD does this differently, so check the man pages. Also, check out the -n flag for busy environments.
Make sure the host firewall allows syslog traffic through.
Be careful to limit syslog traffic to just the trusted network or hosts. The FreeBSD man page refers to syslogd as a "remote disk filling service".
For heavy logging environments, it is important to have a dedicated network. A down syslogd server can create a lot of "ARP who-has" broadcasts.
Most network devices such as printers and commercial firewalls support sending to a central syslog server. Take a look at "Snare" for Windo
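
A sketch of the steps above for FreeBSD, added here as an example and not taken from the episode. The 10.0.0.0/24 trusted network, the loghost.example.org name, the choice of pf as the host firewall and the rotation values are all assumptions.

```conf
# --- central log host: /etc/rc.conf ---
# FreeBSD ships syslogd_flags="-s" (no remote logging). Replace it with -a
# entries naming only the trusted sources; ":*" accepts any source port.
# -n disables the DNS query per request, which helps on busy hosts.
syslogd_enable="YES"
syslogd_flags="-a 10.0.0.0/24:* -n"    # 10.0.0.0/24 is an assumed trusted net
ntpd_enable="YES"                       # keep clocks in sync (clients too)

# --- central log host: /etc/pf.conf (assumes pf is the host firewall) ---
# Drop syslog datagrams by default, then admit only the trusted network.
block in proto udp from any to any port 514
pass  in proto udp from 10.0.0.0/24 to any port 514

# --- central log host: /etc/newsyslog.conf ---
# logfile            mode count size(KB) when  flags
# Rotate at midnight or at 10 MB, whichever comes first; keep 14 archives.
/var/log/messages    644  14    10240    @T00  J

# --- each client: /etc/syslog.conf ---
# Forward everything to the central host (hostname is a placeholder).
*.*     @loghost.example.org
```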