On Wed, 2006-03-08 at 00:50 -0500, Gene Heskett wrote: > Greetings all; > > My router has the ability to send access logs to an ip address, which is > assignable. > > My thoughts are to setup a virtual eth0:1 at an unused local addresss in > the 192.168.1 block, and simply copy everything that comes into that > port off to a logfile, plugging that logfile into logrotates schedule > and thereby keeping a log for forensic purposes. > > I've tried the usual culprits, like cat </dev/eth0:1, or dd > if=/dev/eth0:1 but neither of those seems to work, lack of a device, > and sure enough when I look in /devs on that old RH7.3 box, there are > no eth* entries. > > I'm probably in one of those situations where I can't see the tree for > all this forest in the way, so could someone toss me a clue please? ---- don't bother with all that nonsense...your syslog has the ability to accept, log, rotate, etc. from network devices... man syslogd /support for remote logging unless you feel like doing unnecessary gymnastics Craig
