Re: [bitfolk] Remote syslog?

On 14 March 2010 09:07, Andy Smith <andy@???> wrote:
> A recently-compromised customer appears to have had their system
> logs removed, which hampers investigation somewhat.
>
> Would a remote (BitFolk-operated) syslog server be useful?

Yes, it would be useful, but if you think people are rubbish at
configuring sshd, I wonder how much syslog noise they will tolerate.
I'll assume you'll need a retention period defined.

It will probably also cause skilled attackers to attempt entry to the
remote syslog server.

G