rsyslog

Remote Logging Using Syslog And Logging Shell Commands Remotely


While trying to come up with a simple keylogging solution that provides remote logging, I came across a pretty good solution of using the audit package and altering bash.

One of the problems I came across was that many of the keyloggers could not log any commands sent through an SSH connection - this does on Fedora anyways.

Edit /etc/rsyslog.conf and uncomment this line:

<code>vi /etc/rsyslog.conf

*.* @192.168.18.1:514</code>

<b>Note: 192.168.18.1 is the address of the remote log server.</b>

Install and run the following:

<code>yum install -y audispd-plugins psacct</code>
