Slackware and syslog?
I have read the man page for syslog. I was wondering if there was some way to use syslog as an intrusion detection system, logging unauthorized attempts to access my system. The man page seems to be for a piece of C code that is compiled along with the kernel. Since I have yet to build my own kernel (which I should probably do since I installed 9.1 without realizing 10 came out?) I don't think I know what the options were that it was compiled with. Right? Any info would be greatly appreciated.
If you are going to do IDS logging properly using syslog, then you would set up a syslogd (man syslogd) that you could log to over the network (i.e., remotely). Any IDS application would then send messages to the remote syslogd rather than the local one. The advantage of doing this is that if the attacker has root on the local box, they can just wipe / "adjust" the logged syslog entries.
My guess is you were looking at "man syslog", which gives details of logging to syslog with applications you may write yourself in C.
Syslog is not an IDS system, it is merely a log facility enabling a variety of applications to log to a central place on a system. You would have IDS programs that log to syslog.
IDS is such a massive topic, here would probably be the place to go for more general info and to see what software is around:
Snort is a popular IDS. I'm not sure about its ability to log to a remote syslog daemon, but I'm sure it can. 8)
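A concrete version of the remote-logging setup described above, added here as an example and not taken from the thread. It assumes the sysklogd package that Slackware 9.1/10 ship, a collector reachable as `loghost`, and that Slackware starts syslogd from `/etc/rc.d/rc.syslog`:

```conf
# --- Monitored host: /etc/syslog.conf (sysklogd) ---
# Keep Slackware's existing local rules and append these. sysklogd forwards
# a selector's matches to another syslogd when the action is "@host"
# (UDP port 514). Older sysklogd releases require TABs, not spaces,
# between selector and action.
# "loghost" is an assumed name; resolve it via /etc/hosts so forwarding
# does not depend on DNS when the box is in trouble.
auth,authpriv.*                                 @loghost
*.info;auth.none;authpriv.none;mail.none        @loghost
# Snort started with -s writes its alerts through syslog (facility
# LOG_AUTHPRIV by default), so they are covered by the first rule.

# --- Collector: /etc/rc.d/rc.syslog ---
# sysklogd discards network input unless started with -r. Change the
# syslogd invocation in rc.syslog (path assumed) to:
#     /usr/sbin/syslogd -r
# Remote syslog is plain UDP with no authentication, so filter UDP/514
# on the collector to accept only the monitored hosts' addresses.
```

Because the copy on `loghost` is written before an intruder on the monitored host can touch the local files, compare the two when the local `/var/log/messages` looks suspiciously clean.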
Thanks for the information. :)