I was recently trying to configure syslog on my Windows XP PC … typically, what I do is on the firewall, have it send logs to an external syslog server … that being my PC. So I was trying a test, to see if using a different listening port on syslog what work. I do have 3CDaemon on my PC, but it doesn’t allow me to change the syslog port. So I went ahead and downloaded Kiwi syslog server.
In my testing, I was not able to see Kiwi log any messages. I thought that was strange … should be slam dunk. I went to my 3CDaemon syslog server, and I was able to see messages being logged, so I know it’s not a configration issue with my firewall. After looking through the help files on Kiwi, I see that Windows Firewall will block all incoming connections. I normally don’t enable Windows Firewall, because usually, I am behind a firewall … but this time, I saw that it was enabled. So I went into the Control Panel, disabled the firewall, and voila …. I now see messages being logged. Cool.
But what is disconcerting is that 3CDaemon is logging even with the Windows Firewall enabled. Hmmm … is 3CDaemon using some special process that communicates at a different stack level than Windows Firewall? That’s a little bit alarming … maybe that’s why some don’t like 3CDaemon. However, it is quick and convenient, but may not be the most secure thing … or should we say that Windows Firewall is not the most secure?
Sevencyclist's Blog 