yule (version
1.2.8+) can listen on port 514/udp to collect reports from
syslog clients. This must be enabled by using the
--enable-udp configure
option when compiling. In addition, in the
Misc section of the configuration file,
you must set the option
SetUDPActive=
yes
.
This option requires to run
yule either as
root, or as
SUID root. For security,
yule will drop root
privileges irrevocably immediately after binding to port
514/udp. It will assume the credentials of some compiled-in
user. The default is 'yule', 'daemon', or 'nobody' (i.e. the
first of these that exists on your system). You can override
this with the
--enable-identity=
USER
option. Note that
each daemon should have its own user/group, such that an
exploit will not give write access to files owned by other
daemons.