How to enable remote logging support with sysklogd
(These were the steps taken on Ubuntu 7.10, which uses sysklogd by default.)
1. Edit /etc/default/syslogd and change:
SYSLOGD=""
To
SYSLOGD="-r"
(The -r option tells sysklogd to accept messages arriving from the network on UDP port 514.)
2. Then, restart the sysklogd daemon by typing the following command (as root):
/etc/init.d/sysklogd restart
3. To confirm that it is working, you should see a UDP socket bound to port 514 when you execute this command:
root@system:/etc# netstat -an | grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*
Note: Because -r makes sysklogd listen on all interfaces, it is recommended that you apply a firewall rule on the host system so that it only accepts syslog messages (UDP port 514 packets) from systems on the 10.0.0.0/24 subnet.
Enable outputting all messages with sysklogd
(These were the steps taken on Ubuntu 7.10, which uses sysklogd by default.)
1. Edit /etc/syslog.conf and change the catch-all block, adding a rule that sends every message to /var/log/messages:
#
# Some `catch-all' logfiles.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
To
#
# Some `catch-all' logfiles.
#
*.* -/var/log/messages
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
2. Then, restart the sysklogd daemon by typing the following command (as root):
/etc/init.d/sysklogd restart
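The two procedures above (enabling remote reception and adding the catch-all rule), plus the listener check and the firewall note, as one added shell example. This is not HoneyClient project code: the file paths are parameters so the functions can be exercised on throwaway copies, the netstat output and config contents in the demo are constructed, and the iptables rules are this example's own reading of the firewall note (restrict UDP 514 to 10.0.0.0/24), not a rule set the page provides.

```shell
#!/bin/sh
# Added example, not part of the HoneyClient project. Applies the sysklogd
# changes from this page idempotently to the file given as argument; on a real
# host pass /etc/default/syslogd and /etc/syslog.conf, then restart sysklogd.

# Step 1 of "remote logging": make sure SYSLOGD=... contains -r, exactly once.
# SYSLOGD=""          -> SYSLOGD="-r"
# SYSLOGD="-u syslog" -> SYSLOGD="-u syslog -r"
enable_remote_reception() {
    f="$1"
    if grep -q '^SYSLOGD=".*-r' "$f"; then
        return 0                         # already enabled, nothing to do
    fi
    sed 's/^SYSLOGD="\(.*\)"$/SYSLOGD="\1 -r"/; s/^SYSLOGD=" -r"$/SYSLOGD="-r"/' \
        "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Step 1 of "outputting all messages": insert the catch-all rule
# "*.* -/var/log/messages" just before the existing "*.=debug;\" rule (or at
# the end if that rule is missing), but only if it is not already present.
enable_catchall() {
    f="$1"
    if grep -Eq '^\*\.\*[[:space:]]+-?/var/log/messages' "$f"; then
        return 0
    fi
    awk 'BEGIN { done = 0 }
         !done && /^\*\.=debug;/ { print "*.* -/var/log/messages"; done = 1 }
         { print }
         END { if (!done) print "*.* -/var/log/messages" }' \
        "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Step 3 check: read `netstat -an` output on stdin and succeed (exit 0) only
# if a UDP socket is bound to port 514, as the page's expected output shows.
udp514_listening() {
    grep -E '^udp6?[[:space:]].*:514[[:space:]]' | grep -q .
}

# The firewall note: accept syslog only from the drone subnet (assumed
# 10.0.0.0/24 as on the page). This prints the iptables commands rather than
# running them; review and run them as root on the host.
syslog_firewall_rules() {
    subnet="${1:-10.0.0.0/24}"
    printf 'iptables -A INPUT -p udp --dport 514 -s %s -j ACCEPT\n' "$subnet"
    printf 'iptables -A INPUT -p udp --dport 514 -j DROP\n'
}

# --- Demo on throwaway copies with constructed contents (not the real files) ---
demo_dir=$(mktemp -d)
printf 'SYSLOGD=""\n' > "$demo_dir/syslogd"
enable_remote_reception "$demo_dir/syslogd"
echo "syslogd defaults after edit:"; cat "$demo_dir/syslogd"

printf '#\n# Some `catch-all'"'"' logfiles.\n#\n*.=debug;\\\n' > "$demo_dir/syslog.conf"
enable_catchall "$demo_dir/syslog.conf"
echo "syslog.conf after edit:"; cat "$demo_dir/syslog.conf"

# Constructed netstat line matching the page's expected output.
if printf 'udp        0      0 0.0.0.0:514             0.0.0.0:*\n' | udp514_listening; then
    echo "sysklogd is listening on UDP 514"
fi
syslog_firewall_rules
rm -rf "$demo_dir"
```

Each function only touches the file it is given, so the script can be dry-run against copies before the real /etc files are edited; the firewall function deliberately prints rather than executes so the rules can be checked against the host's existing chain first.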
