Re: IDS: how do you configure your firewall ( router ) to log to a different machine ?
FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicited mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------
~ One way would be to keep the setup you have right now and have the same
~ information go to another set of mirror logs such as /usr/local/adm/messages.
~ Since it is an unusual place, the attacker will normally look only in the
~ standard Unix log directory structure (what would now be the trap) and the
~ real logs are saved into the other directory untouched. You can add your
~ personal log structure in /etc/syslog.conf.
~
You assume no one can read your /etc/syslog.conf? Is it cryptic? :-)
Security via obscurity never works out, trust me.
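
An added illustration, not part of either poster's message: a small audit of a classic BSD-style syslog.conf that lists every local log path the file discloses and the selectors that never leave the host. The sample configuration is constructed, `loghost` is a placeholder name, and selectors are compared as exact strings only.

```python
# Added example: audit a classic "selector<whitespace>action" syslog.conf.
# SAMPLE_CONF is constructed for illustration; "loghost" is a placeholder.
SAMPLE_CONF = """\
# constructed sample configuration
*.err;kern.debug;auth.notice\t/dev/console
*.info;mail.none\t\t/var/adm/messages
*.info;mail.none\t\t/usr/local/adm/messages
auth.info\t\t\t@loghost
"""

def classify(action):
    """Map a syslog.conf action field to the kind of destination it names."""
    if action.startswith("@"):
        return "remote"            # forwarded to another machine
    if action.startswith("|"):
        return "pipe"              # named pipe
    if action.startswith("/") or action.startswith("-/"):
        return "file"              # local file or device
    return "users"                 # "*" or a list of logged-in users

def parse(conf_text):
    """Return (selector, action, kind) for every non-comment line."""
    entries = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue               # malformed line: no action field
        selector, action = parts[0], parts[1].strip()
        entries.append((selector, action, classify(action)))
    return entries

def disclosed_paths(entries):
    """Every local path that anyone able to read the file can see."""
    return [action.lstrip("-") for _, action, kind in entries if kind == "file"]

def local_only_selectors(entries):
    """Selectors with no remote destination (exact-string comparison only)."""
    remote = {sel for sel, _, kind in entries if kind == "remote"}
    return sorted({sel for sel, _, kind in entries
                   if kind != "remote" and sel not in remote})

if __name__ == "__main__":
    parsed = parse(SAMPLE_CONF)
    print("local paths listed in the config:", disclosed_paths(parsed))
    print("selectors never sent off-host:", local_only_selectors(parsed))
```

The mirror directory appears in the output alongside the standard one, since both are named in the same file; only the `@loghost` entry puts a copy somewhere the local configuration does not control.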