Channel: linuxadmin: Expanding Linux SysAdmin knowledge

Remote syslogd security?

I'm just curious about how secure the setup of the built-in syslogd service is (on Ubuntu 12.04).

I was hoping to be able to firewall the server off to only accept messages from whitelisted clients, but I've not been able to find anything that suggests this is possible.

On the paranoid end of the scale - could an attacker attempt to gain access to my web server, and then use a botnet (or any other servers) to send junk syslog messages to my logging server?

This would make those logs a lot harder to read, and hopefully wouldn't cause any "auto purging" to remove the important parts.

I know there are alternatives such as syslog-ng, but I was curious if my concerns are actually things to worry about, and what the suggestions would be to counter them?


Edit: I was being an idiot and not looking in the right places; it's not easy to find a UDP service when you're limiting the results to TCP only...

submitted by mr_honeybadger