Honeypots: Re: Send strace output through syslog-ng

["BB () umd" <bbenard () umd edu>]

Well I did not think about this, but it seems to be a great idea. Thanks a
lot.

However, I decided to open a new port and to send syslog data through it so
that it is really easy to administrate. It works great.

Thanks for your help,

Regards,



BB () umd wrote:
> Good afternoon.
>
> I have a honeypot which syslog-ng running. I configured it so that it can
> send all the log files to a remote web server. (So that mean I have
> already configured syslog-ng on this web server too) No matter with that,
> it works great.
>
> Then, on my honeypot, I have a strace command attached to my ssh server.
> It gathers strace outputs in a strace.log file. Here is this command :
> strace -f -q -p `cat /var/run/sshd.pid` -o /var/log/strace.log &
>
> Now, I would like to send the strace output (/var/log/strace.log) to my
> server through syslog-ng. So, on my honeypot, I added the following in my
> syslog-ng.conf in the source section:
> file ("/var/log/strace.log").
>
> However, now, on the server side, I do not know how to configure syslog-ng
> in order to retrieve this strace output only. Is there a special filter
> for strace in syslog-ng ? (Usually, for example, I am using "filter {
> facility(auth);};" to filter auth.log : so is there something similar with
> strace ?)
>
> Regards,
> BB
-- 
View this message in context: http://www.nabble.com/Send-strace-output-through-syslog-ng-tp24814871p24828047.html
Sent from the Honeypots mailing list archive at Nabble.com.