23 Mar
2004
23 Mar
'04
3:23 a.m.
On 23 Mar 2004, at 15:59, James Riden wrote:
There's a good paper by Schneier about how to make tamper-proof logs so you can detect unauthorised modifications, but it's easier to remote syslog to another server, one which doesn't do anything else. The truly paranoid will use a listen-only ethernet cable.
The truly paranoid also won't use syslog :-) Has anybody seen an implementation of RFC3195 in the wild, by the way? Joe