Samhain | ||
---|---|---|
<<< Previous | Configuration — yule, the log server | Next >>> |
yule (version 1.2.8+) can listen on port 514/udp to collect reports from syslog clients. This must be enabled by using the --enable-udp configure option when compiling. In addition, in the Misc section of the configuration file, you must set the option SetUDPActive=yes.
This option requires to run yule either as root, or as SUID root. For security, yule will drop root privileges irrevocably immediately after binding to port 514/udp. It will assume the credentials of some compiled-in user. The default is 'nobody', but you should probably change this with the --enable-identity=NAMEX option. Daemons should run as a dedicated user, not as 'nobody'.
![]() | NOTE |
---|---|
Note that in this case you cannot use a privileged port (< 1024) for the samhain client(s) because yule does not have root privileges anymore when binding to that port. The default is 49777, which causes no problem. |
<<< Previous | Home | Next >>> |
Server status information | Up | Performance tuning |