remote logging -- newbie question
Kevin Partridge
kgp at nethere.com
Thu Nov 21 15:40:05 PST 2002
I'd see it as an initial line of logging via udp (preset arp tables)
with more robust logging being performed from a sniffing bridge
but if you don't plan on prosecuting (or any other highly detailed
analysis) then the udp logging may be enough for troubleshooting and
notification of problems
i may try this and let you all know what i find.
sounds plausible to me. but then again i totally understand the Missouri
sentiments.
Kevin
At 03:30 PM 11/21/2002 -0800, you wrote:
>Gabriel Sechan wrote:
> > At 02:49 PM 11/21/2002 -0800, you wrote:
> > >In order to make sure your log server is real secure, you can
> cut >>the Tx
> > >lines on the ethernet cable at the log server end so that it can only
> > >receive and not transmit.
> >
> > While we're at it- how would you know what ethernet MAC to send to, if it
> > couldnt respond to ARP and RARP packets? Hardcoded on the client?
>
>and some switches won't even see the Tx cut line because there is no
>heartbeat. i'd love someone to actually demonstrate this setup. i have
>heard it mentioned and debunked on several occasions, but have never
>heard of anyone _themselves_ doing it (a friend of a friend whose uncle
>knows someone at nasa that has a neice that cuts kevin bacon's hair...)
>
>-john
>
>--
> http://www.kernel-panic.org
> list archives http://www.ultraviolet.org
> To unsubscribe, send a message to the address shown in the list-unsubscribe
> header of this message.
More information about the KPLUG-List
mailing list