Hello Everyone,
My apologies for the delay in posting this summary.
I can now confirm that we are running a version of syslog without the
syslog.auth file. I believe this may be included in the next round of patch
kits.
For those of you in a similar situation to me, please log a call with your
local Digital (COMPAQ) CSC. You can refer to call log K30617. This will have
all the details, including that new version of SYSLOG.
My thanks to Tony Hoffman and Adrian Morrisson at Digital for all their
assistance with this problem.
We are now successfully collecting Syslog information for our entire
network.
Cheers,
Guy
Original Posting:
Hello People,
I have an interesting problem here, and would welcome any comments. Please
note I have applied patch 3 to the DUX 4.0D box I am talking about.
It appears that someone, somewhere in Digital thought that it would be a
good idea to make a secure version of syslog to prevent Denial Of Service
(DOS) attacks. Unfortunately this is going to cause us excessive grief.
The scenario is as follows:
We have a fairly flat network topology: 8 POPs plus one central site.
Connected to these sites are currently 2500+ routers, growing to 3500+
routers. These routers syslog to our Unix administration host. Now you can
probably see the problem, implementing /etc/syslog.auth is not an acceptable
option.
As a router has multiple interfaces with multiple IP addresses, to collapse
this information I would have to make a logging-source address config on
these routers, not an acceptable answer. Furthermore, entering, and
maintaining several thousand /etc/syslog.auth entries is not my idea of
fun.
Now I noticed when running syslogd in debug mode, it looked for a null
length file called /etc/syslog.auth. I am trying to avoid rebuilding another
server to test this, and I cannot afford to lose the logging information I
am currently collecting, so I need to know if anyone knows if I do:
    mknod /etc/syslog.auth    (create a null length file)
Will this disable security checking on SYSLOGD? Or am I going to have to
download (unless I can extract it from Digital) the syslogd.c and compile my
own daemon.
Does anyone have any good doco on syslog, the stuff in the DUX 4.0D kit and
website is pretty thin.
I have placed this call with Sydney CSC, and am waiting on an answer. Any
comments would be greatly appreciated.
Guy R. Loucks
Unix Systems Administrator
Networks Branch
NSW Department of Education & Training
Information Technology Bureau
Direct +61 2 9950 1887
Fax +61 2 9950 1600
Mobile +61 (0)18 041 186
Email guy.loucks_at_det.nsw.edu.au
Received on Mon Apr 19 1999 - 01:33:25 NZST