I had a colleague suggest setting up a server on a separate network that doesn't have an IP address to act as a log server. The idea being that you could broadcast log information and the log server could pick it up and store it, but there wouldn't be any way to actually connect to the box.
Is this something that people do? Has it been done before? Is it practical? Is it a good idea? How would it be implemented in Linux?
Thanks
Do you have some major paranoia?
Lots of things can be done, but you have to ask yourself, is this useful? Think about the amount of time you would need for such a solution to be implemented.
I guess you could do some kind of broadcast being sniffed by that logger box, but, to be honest, this sounds very impractical to me. Imagine someone sniffing your network and he gets all those interesting infos being written to your log host.
I think the better way is to use something like syslog-ng with TLS-secured communication channels between the sending and receiving servers.
regards, Comradin
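The "broadcast being sniffed by that logger box" setup discussed above, as an added example that is not code from any poster in this thread: a passive collector that reads raw frames from an interface with no IP address and keeps only UDP/514 syslog datagrams. The function names, the sample frame, and the output line format are assumptions made for illustration.

```python
import socket
import struct

SYSLOG_PORT = 514

def extract_syslog(frame: bytes):
    """Return (src_ip, facility, severity, message) for an IPv4 UDP/514 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # too short, or not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8:
        return None
    if ip[9] != 17 or struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return None                                      # not UDP, or a later fragment
    _sport, dport, ulen, _csum = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    if dport != SYSLOG_PORT or ulen < 8:
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    text = ip[ihl + 8:ihl + ulen].decode("utf-8", "replace")
    end = text.find(">")
    if text.startswith("<") and 1 < end <= 4 and text[1:end].isdigit():
        pri = int(text[1:end])                           # PRI = facility * 8 + severity
        if pri <= 191:
            return (src_ip, pri >> 3, pri & 7, text[end + 1:])
    return (src_ip, None, None, text)                    # no valid PRI: keep raw text

def build_frame(src: str, dst: str, dport: int, payload: bytes) -> bytes:
    """Constructed test input: broadcast Ethernet + IPv4 + UDP, checksums left at 0."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + udp

def capture(iface: str, logfile: str) -> None:
    """Linux only, needs root: read every frame on iface and append syslog lines."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0003))
    s.bind((iface, 0))
    with open(logfile, "a") as out:
        while True:
            rec = extract_syslog(s.recv(65535))
            if rec:
                out.write("%s fac=%s sev=%s %s\n" % rec)
                out.flush()

if __name__ == "__main__":
    sample = build_frame("192.0.2.10", "192.0.2.255", 514,
                         b"<34>Oct 11 22:14:15 web1 su: auth failure")
    print(extract_syslog(sample))
```

The source address and message are taken from the frame as-is, so anything on the segment can forge entries, and the messages cross the wire in cleartext, which is the exposure Comradin's reply points out.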
Not to say it's entirely a loony idea, although it is a bit on the fringe of it =)
We did something similar in my environment to track the logs of our custom VMS sockets, however instead of broadcast, we used multicast so that the various developers could fire up a client, set up a couple of filters, and have access to real-time data from said socket code.
For plain logging porpoises, I'd suggest a hardened box, with no services available except syslog, and very limited physical/console access.