* logging to syslog in a stealth way
From: Albretch Mueller @ 2005-09-13 12:42 UTC
To: netfilter
Hi *,
I could tell this is more of a Unix/Linux and syslog question, but since my
end intention is using it with netfilter, I could imagine someone has come
across something like that before.
I would like for the logs produced by iptables (generally in
/var/log/syslog), to be processed by an ng-syslog client and just popped as
UDP packets.
I searched the mailing list (http://marc.theaimsgroup.com/?l=netfilter)
for 'syslog udp' and couldn't find helpful info/leads and 'ng-syslog' or
'ngsyslog' didn't give me a hit.
How could you do something like that?
Thanks
Albretch
* Re: logging to syslog in a stealth way
From: Georgi Alexandrov @ 2005-09-13 15:54 UTC
To: netfilter
Albretch Mueller wrote:
> Hi *,
>
> I could tell this is more of a Unix/Linux and syslog question, but
> since my end intention is using it with netfilter, I could imagine
> someone has come across something like that before.
>
> I would like for the logs produced by iptables (generally in
> /var/log/syslog), to be processed by an ng-syslog client and just
> popped as UDP packets.
>
> I searched the mailing list
> (http://marc.theaimsgroup.com/?l=netfilter) for 'syslog udp' and
> couldn't find helpful info/leads and 'ng-syslog' or 'ngsyslog' didn't
> give me a hit.
>
> How could you do something like that?
>
> Thanks
> Albretch
>
What exactly do you want to achieve with that?
regards,
Georgi Alexandrov
* RE: logging to syslog in a stealth way
From: Albretch Mueller @ 2005-09-15 15:26 UTC
To: netfilter
>What exactly do you want to achieve with that?
As the subject clearly states :-) "logging to syslog in a stealth way"
Do you know of any other/better way to do it?
Albretch
// - - - - - - - - - - - - - - - - - - - -
Date: Tue, 13 Sep 2005 18:54:02 +0300
From: Georgi Alexandrov <tehlists@hotpop.com>
Subject: Re: logging to syslog in a stealth way
To: netfilter@lists.netfilter.org
Message-ID: <4326F61A.8020402@hotpop.com>
Content-Type: text/plain; charset=windows-1251; format=flowed
Albretch Mueller wrote:
>Hi *,
>
>I could tell this is more of a Unix/Linux and syslog question, but since my
>end intention is using it with netfilter, I could imagine someone has come
>across something like that before.
>
>I would like for the logs produced by iptables (generally in
>/var/log/syslog), to be processed by an ng-syslog client and just popped as
>UDP packets.
>
>I searched the mailing list (http://marc.theaimsgroup.com/?l=netfilter)
>for 'syslog udp' and couldn't find helpful info/leads and 'ng-syslog' or
>'ngsyslog' didn't give me a hit.
>
>How could you do something like that?
>
>Thanks
>Albretch
>
What exactly do you want to achieve with that?
regards,
Georgi Alexandrov
* Re: logging to syslog in a stealth way
From: /dev/rob0 @ 2005-09-15 15:33 UTC
To: netfilter
On Thursday 2005-September-15 10:26, Albretch Mueller wrote:
> >What exactly do you want to achieve with that?
>
> As the subject clearly states :-) "logging to syslog in a stealth
> way"
>
> Do you know of any other/better way to do it?
Stealth means you are hiding. Who are you hiding from? You want logging
to go to a remote syslog server but NOT to appear in the logs of the
iptables machine?
Clarity of subject notwithstanding, your ultimate goal is far from
clear. If my guess was correct, I think your only choice is ULOG. LOG
is going to pass to the local kernel logging daemon.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
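
The forwarding asked about in the first message, as an added example that is not code from any poster in this thread: it picks netfilter LOG lines out of a syslog stream and sends each one as an RFC 3164 UDP datagram. The function names, sample lines and loopback collector are assumptions made for illustration. Because it reads lines that LOG has already handed to the local logging daemon, the entries still exist on the iptables machine, which is the limitation the last reply points out.

```python
import re
import socket

# Constructed sample lines: one written by an iptables LOG rule, one unrelated.
SAMPLE = ("Sep 13 12:42:01 fw kernel: DROP-IN: IN=eth0 OUT= "
          "SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP "
          "SPT=40000 DPT=22 SYN")
OTHER = "Sep 13 12:42:02 fw sshd[1]: unrelated message"

FIELD = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")

def parse_netfilter(line):
    """Return the key=value fields of a LOG line, or None for other lines."""
    if " kernel: " not in line or "SRC=" not in line:
        return None
    return dict(FIELD.findall(line))

def to_syslog_datagram(line, facility=0, severity=4):
    """Prefix <PRI> (kern.warning = 0*8+4) and cap at RFC 3164's 1024 bytes."""
    pri = facility * 8 + severity
    return f"<{pri}>{line}".encode("ascii", "replace")[:1024]

def forward(lines, collector):
    """Send each netfilter line as one UDP datagram; return the count sent."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        for line in lines:
            line = line.rstrip("\n")
            if parse_netfilter(line) is None:
                continue  # only firewall entries leave the host
            tx.sendto(to_syslog_datagram(line), collector)
            sent += 1
    return sent

def demo():
    """Loopback socket stands in for the remote collector (normally UDP 514)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        sent = forward([SAMPLE, OTHER], rx.getsockname())
        return sent, rx.recv(2048)

if __name__ == "__main__":
    print(demo())
```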