Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: Appropriate PIX logging level
From: David Lang <dlang () digitalinsight com>
Date: Wed, 26 Apr 2006 12:51:46 -0700 (PDT)

On Wed, 26 Apr 2006, Marcus J. Ranum wrote:

David Lang wrote:
I'm actually trying to keep filters out of the path (until the data hits the primary archive, after it's there, copies 
can (and will be) filtered like crazy)

Is that a specific requirement for some legal reason or something? It seems
somewhat, um, arbitrary.

in part it's concern about accusations of the logs being tampered with, and in part it's to protect me from myself, if there is no filtering software in the path it can't get misconfigured to filter too much and the worst case becomes that I have to go back to the files on disk (to the limits of the disk space, which nowdays is not much of a limit)

You might prefer taking a look at minirsyslog - it's got zero processing options
and just slams stuff to disk without doing anything fancy at all. You'll still have
the problem that you're going to need a separate input / processing loop
and, to me, it just makes more sense to inline all that stuff.

this is exactly the functionality I'm looking for. however for some reason I'm having trouble accessing the url I found for them (www.clueby4.org/minirsyslog) so you have another url for me to try?

David Lang

There are two ways of constructing a software design. One way is to make it so simple that there are obviously no 
deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
 -- C.A.R. Hoare

firewall-wizards mailing list
firewall-wizards () honor icsalabs com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]