I would collect the log(in particolar auditd but also other syslog log) produced by several linux server in a centralized syslog server installed in a linux server.
I would configure the centralized syslog server in a secure network where the centralized syslog server can initiate connections to the other server but the other server producing the logs (some of them are exposed also on internet) can't initiate any connections to it.
I know that rsyslog allows to send log to a remote syslog using tcp or udp as described for example in http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/ but in this case I can't use it because the servers can't send log to the centralized syslog server for the restriction described above.
Are there other log shipping tools or software working with a pull strategy indeed of the "push" strategy used by rsyslog?
Best Answer
I assume you can ssh between your machines. Maybe you can try to tunnel syslog over ssh