On 14 March 2010 09:07, Andy Smith <andy(a)bitfolk.com> wrote:
> A recently-compromised customer appears to have had their system
> logs removed, which hampers investigation somewhat.
> Would a remote (BitFolk-operated) syslog server be useful?

Yes, it would be useful, but if you think people are rubbish at
configuring sshd, I wonder how much syslog noise they will tolerate.
I'll assume you'll need a retention period defined.
It will probably also cause skilled attackers to attempt entry to the
remote syslog server.
G