Enabling remote logging support and outputting all messages with syslog-ng
1. Edit /etc/syslog-ng/syslog-ng.conf so that it looks like this:
options {
chain_hostnames(off);
sync(0);
# The default action of syslog-ng 1.6.0 is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats(43200);
# Make sure the newly rotated syslog files are readable by the honeyclient
# daemon.
perm(0644);
};
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); udp(ip(10.0.0.1) port(514)); };
destination messages { file("/var/log/messages"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
log { source(src); destination(messages); };
log { source(src); destination(console_all); };
2. Restart the syslog-ng service by running the following command as root:
/etc/init.d/syslog-ng restart
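The source statement in step 1 binds the UDP listener to 10.0.0.1 with ip(); a udp() source without ip() listens on 0.0.0.0 (every interface), port 514. The following Python script is an added example, not part of the HoneyClient guide: it lists the udp()/tcp() listeners in a syslog-ng.conf and flags wildcard binds. The function names and the `wide` and `old` sources in the sample are constructed for illustration.

```python
import re

# Constructed sample: the source statement from step 1, a commented-out
# source, and a hypothetical source that omits ip().
SAMPLE_CONF = '''
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); udp(ip(10.0.0.1) port(514)); };
#source old { udp(); };
source wide { udp(port(514)); };
'''

NET_DRIVER = re.compile(r'\b(udp|tcp)\s*\(')

def strip_comments(text):
    """Drop '#' comments (assumes no '#' inside quoted strings)."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def balanced(text, start, open_ch, close_ch):
    """Return the text between the delimiter at `start` and its match."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == open_ch:
            depth += 1
        elif text[i] == close_ch:
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced %s...%s" % (open_ch, close_ch))

def network_listeners(conf):
    """Return (source, driver, ip, port) for each udp()/tcp() source driver."""
    conf, found = strip_comments(conf), []
    for m in re.finditer(r'\bsource\s+(\S+)\s*\{', conf):
        body = balanced(conf, m.end() - 1, "{", "}")
        for d in NET_DRIVER.finditer(body):
            args = balanced(body, d.end() - 1, "(", ")")
            ip = re.search(r'\b(?:local)?ip\s*\(\s*"?([^")\s]+)"?\s*\)', args)
            port = re.search(r'\bport\s*\(\s*(\d+)\s*\)', args)
            # Defaults when the option is absent: all interfaces, port 514.
            found.append((m.group(1), d.group(1), ip.group(1) if ip else "0.0.0.0",
                          int(port.group(1)) if port else 514))
    return found

def wildcard_listeners(conf):
    """Listeners reachable on every interface: ip() absent or 0.0.0.0."""
    return [l for l in network_listeners(conf) if l[2] == "0.0.0.0"]

if __name__ == "__main__":
    for name, driver, ip, port in network_listeners(SAMPLE_CONF):
        print(name, driver, "%s:%d" % (ip, port))
```

To audit the real file, pass the contents of /etc/syslog-ng/syslog-ng.conf to `wildcard_listeners()`; an empty list means every network listener is bound to a specific address.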
