Honeypots mailing list archives

[Spam Quarantined]Re: centralizing logs
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 11 Mar 2004 11:37:15 -0500

There are several syslog gathering utilities that work okay.  Most security
devices support syslogging (although the Windows version of Honeyd doesn't).
I'm not a big fan of the syslog standard because it doesn't decode messages
enough so all decoding and segmenting has to be done on the database engine
that you hook to the syslog backend (that is collecting all the messages),
but it's the only solution I have found to centralize all security logging.

I've been pleased with Kiwi's Syslog daemon on the Windows side, but there
are certainly lots of alternatives on all platforms.

Roger

********************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE:Security (NT/2000/2003/MVP), CNE (3/4), A+
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
********************************************************************************
----- Original Message ----- 
From: "dcneting" <zanoramy () streamyx com>
To: <honeypots () securityfocus com>
Sent: Thursday, March 11, 2004 7:44 AM
Subject: centralizing logs


Is there any tool (open source/commercial) that can be used to centralize
every log into 1 database? I'm using a lot of tools here like ethereal,
tcpdump, snort..bla bla bla...so, it is hard for me to see the log one by
one...
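
The reply's point that syslog leaves decoding and segmenting to the database side, as an added example that is not part of the original thread or of any tool it names: Python that splits BSD-style (RFC 3164) syslog lines into columns and loads them into one SQLite table, keeping undecodable lines as raw text. The table schema, function names and sample lines are assumptions constructed for illustration.

```python
import re
import sqlite3

LINE_RE = re.compile(  # BSD-style line: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode(line):
    """Split one raw syslog line into columns; None if it does not match."""
    m = LINE_RE.match(line)
    if m is None or int(m["pri"]) > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    pri = int(m["pri"])  # PRI = facility * 8 + severity
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7], "ts": m["ts"],
            "host": m["host"], "tag": m["tag"], "pid": m["pid"], "msg": m["msg"]}

def store(db, lines):
    """Insert every line; undecodable ones keep only the raw text so nothing is lost."""
    db.execute("CREATE TABLE IF NOT EXISTS events (facility INT, severity TEXT, ts TEXT,"
               " host TEXT, tag TEXT, pid TEXT, msg TEXT, raw TEXT)")
    unparsed = 0
    for line in lines:
        rec = decode(line)
        if rec is None:
            unparsed += 1
            rec = dict.fromkeys(("facility", "severity", "ts", "host", "tag", "pid", "msg"))
        db.execute("INSERT INTO events VALUES (:facility, :severity, :ts, :host, :tag,"
                   " :pid, :msg, :raw)", {**rec, "raw": line})
    return unparsed

SAMPLE = [  # constructed lines, not captured traffic
    "<38>Mar 11 11:37:15 sensor1 sshd[412]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "<33>Mar 11 11:38:02 sensor2 snort[220]: constructed alert text {TCP} 192.0.2.10:4022 -> 198.51.100.5:22",
    "<13>Mar 11 11:39:40 fw1 kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=23",
    "line with no priority header",
]

def hosts_reporting(db, needle):
    """One query across every source: which hosts logged a message containing needle?"""
    rows = db.execute("SELECT DISTINCT host FROM events WHERE msg LIKE ? ORDER BY host", (f"%{needle}%",))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print("unparsed:", store(db, SAMPLE), hosts_reporting(db, "192.0.2.10"))
```
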





