Hello all,
I need to bulletproof my Syslog Server to comply with MRS CIP standards. Can anyone tell me the ports and services that can be disabled without affecting the operations of the Syslog Server?
It really depends on what ports you are using for logging purposes, because it is customizable. The primary default port if you are JUST capturing syslog messages is UDP 514. If you're using web access, you might want to keep those ports open, as well as DNS.
If you're using SNMP to capture traps as logs, you might want to keep that open as well. And any other ports you've configured to capture logs from applications, etc.
Aside from that, you can close any other ports you're not using for normal server operation.
As far as services, you want to keep the Kiwi services running and any DB services you are using, but aside from that, this is just a standard server; you'll want to disable any services you would on any other application server. Without knowing what OS and version you are running, it's significantly easier to tell you what NOT to disable.
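
One way to apply the reply above, as an added example that is not part of the original thread: parse Windows `netstat -ano` output and list every listener that is not on the keep list, with its owning PID, as candidates to disable or firewall. UDP 514 comes from the thread; UDP 162 (the standard SNMP trap port), the TCP 8088 web access port and the sample output are assumptions to replace with your own configuration.

```python
import re

# Listeners to keep. UDP 514 is from the thread; UDP 162 is the standard SNMP
# trap port; TCP 8088 is an ASSUMED web access port (use your configured one).
# DNS is outbound client traffic, so it needs no listener entry here.
ALLOWED = {("UDP", 514), ("UDP", 162), ("TCP", 8088)}

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1100
  TCP    0.0.0.0:8088           0.0.0.0:0              LISTENING       3200
  TCP    192.168.1.10:49712     192.168.1.20:443       ESTABLISHED     2200
  UDP    0.0.0.0:162            *:*                                    3120
  UDP    0.0.0.0:514            *:*                                    3120
  UDP    0.0.0.0:5353           *:*                                    1500
  UDP    [::]:514               *:*                                    3120
"""

# proto, local address, local port, foreign address, optional state, PID
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

def listeners(netstat_text):
    """Return {(proto, port, pid)} for listening TCP and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, blank lines
        proto, _addr, port, _foreign, state, pid = m.groups()
        # UDP rows have no state column; any bound UDP socket can receive.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.add((proto, int(port), int(pid)))
    return found

def unexpected(netstat_text, allowed=ALLOWED):
    """Listeners not on the keep list, sorted, for review before disabling."""
    return sorted(l for l in listeners(netstat_text) if (l[0], l[1]) not in allowed)

if __name__ == "__main__":
    for proto, port, pid in unexpected(SAMPLE):
        print(f"review: {proto} {port} (PID {pid})")
```

On a real host, feed it the saved output of `netstat -ano` and map each PID to its service before turning anything off.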