osresearch / jumphost

ssh jump host appliance

Network logging with rsyslogd #2

Open osresearch opened 2 years ago

osresearch commented 2 years ago

Should have a demo of how to do network logging so that the system doesn't need a console.

osresearch commented 2 years ago

sysklogd is a fairly small logger and seems to work. This is enough in /etc/syslogd to send it to outside machines:

*.* /dev/console
*.* @safeboot:9999 ; RFC5424

busybox also has a syslogd with a very simple -R host:port format. The downside is that for appliances that do not want a shell, busybox might be too much attack surface. A specialized version could be built with only the logger, although that seems like a bit of a waste... (and not much of a savings - busybox with only syslogd enabled is still 84 KB, while sysklogd is 63 KB)
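Added example, not part of the original comments or the jumphost project: a minimal collector for the receiving side of the `@safeboot:9999 ; RFC5424` rule above, useful for confirming that a console-less appliance is actually delivering well-formed logs. It assumes one RFC 5424 message per UDP datagram on port 9999; `parse_rfc5424`, `Handler` and the sample datagram are names and data made up for this illustration.

```python
import re
import socketserver

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)"   # "-" or one or more [SD-ELEMENT]s
    r"(?: (?P<msg>.*))?$",
    re.DOTALL,
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_rfc5424(datagram: bytes):
    """Return a dict of header fields, or None if the datagram is not RFC 5424."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    m = RFC5424.match(text)
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # PRI = facility (0-23) * 8 + severity (0-7)
        return None
    rec = m.groupdict()
    rec["facility"], rec["severity"] = pri >> 3, SEVERITIES[pri & 7]
    rec["msg"] = (rec["msg"] or "").lstrip("\ufeff")  # drop the optional BOM
    return rec

class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        data, _sock = self.request  # for UDP servers: (datagram, socket)
        rec = parse_rfc5424(data)
        src = self.client_address[0]
        if rec is None:
            # Keep malformed input visible instead of silently dropping it.
            print(f"{src} UNPARSED {data[:200]!r}")
        else:
            print(f"{src} {rec['timestamp']} {rec['hostname']} "
                  f"{rec['app']}[{rec['procid']}] {rec['severity']}: {rec['msg']}")

# Constructed sample datagram, not captured from a real jumphost.
SAMPLE = b"<38>1 2024-01-01T12:00:00Z jumphost sshd 412 - - Accepted publickey for admin"

if __name__ == "__main__":
    print(parse_rfc5424(SAMPLE))
    with socketserver.UDPServer(("0.0.0.0", 9999), Handler) as srv:
        srv.serve_forever()
```

Plain UDP syslog is unauthenticated and unencrypted, so the collector should treat the source address and hostname field as untrusted and the transport should stay on a network segment you control.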