log4j-user

[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: SyslogAppender on linux and aix Douglas E Wegscheid Fri Jun 26 14:00:45 2009

you can't write to Unix domain sockets (like /dev/log) from Java, so it 
has to go via IP. 

no IP spoofing involved: it writes to localhost (127.0.0.1), so syslog 
will see the messages as coming from localhost. I know that syslog-ng has 
the ability to only accept messages from certain addresses (other syslog 
daemons may also have this capability); configuring it to accept only from 
127.0.0.1 would be almost as secure as just accepting messages from 
/dev/log.

Douglas E Wegscheid
Lead Technical Analyst, Whirlpool Corporation
(269)-923-5278

"A wrong note played hesitatingly is a wrong note. A wrong note played 
with conviction is interpretation."



DASHGIR <[EMAIL PROTECTED]> wrote on 06/26/2009 04:24:03 PM:

> 
> Do you know why log4j requires to log as remote? How does it do it. IP
> spoofing?
> 
> thanks
> 
> 
> Ceki Gulcu wrote:
> > 
> > 
> > 
> > DASHGIR wrote:
> >> No error message, no output and the machine does not catch fire. 
> >> The hostname is indeed replaced with the machine hostname where the
> >> syslog
> >> daemon is running.
> >> I almost assumed that the syslog is setup to accept messages from the
> >> network. I will check with the admins.
> > 
> > By default, syslogd does not accept packets from the network, which is
> > probably 
> > the source of your problem.
> > 
> > -- 
> > Ceki Gülcü
> > Logback: The reliable, generic, fast and flexible logging framework 
for
> > Java.
> > http://logback.qos.ch
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > 
> > 
> > 
> 
> -- 
> View this message in context: http://www.nabble.com/SyslogAppender-
> on-linux-and-aix-tp24219637p24226771.html
> Sent from the Log4j - Users mailing list archive at Nabble.com.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>