Taken from the man page for syslogd (yes, another wild Saturday night):
There are a number of methods of protecting a machine:
1. Implement kernel firewalling to limit which hosts or networks have access to the 514/UDP socket.
2. Logging can be directed to an isolated or non-root filesystem which, if filled, will not impair the machine.
3. The ext2 filesystem can be used which can be configured to limit a certain percentage of a filesystem to usage by root only. NOTE that
this will require syslogd to be run as a non-root process. ALSO NOTE that this will prevent usage of remote logging since syslogd will be
unable to bind to the 514/UDP socket.
4. Disabling inet domain sockets will limit risk to the local machine.
5. Use step 4 and if the problem persists and is not secondary to a rogue program/daemon, get a 3.5 ft (approx. 1 meter) length of sucker rod*
and have a chat with the user in question.
Sucker rod def. -- 3/4, 7/8 or 1in. hardened steel rod, male threaded on each end. Primary use in the oil industry in Western North Dakota
and other locations to pump 'suck' oil from oil wells. Secondary uses are for the construction of cattle feed lots and for dealing with
the occasional recalcitrant or belligerent individual.
