Security Basics mailing list archives
RE: syslog
From: "Michael Shirk" <shirkdog () cryptomail org>
Date: Fri Sep 24 07:11:51 EDT 2004
You can use snare on the Windows servers, and I believe you can do some customising of the network devices to get them
into a syslog format and send all of the logs to a stealth logger (no ip, just mac address).
Envision is a product that can do all syslog style formats from different sources. I believe you would still need snare
for the windows servers.
http://www.network-intelligence.com/
Shirkdog
-----Original Message-----
From: Nhon.Tran () logicacmg com [mailto:Nhon.Tran () logicacmg com]
Sent: Monday, September 20, 2004 3:36 AM
To: security-basics () securityfocus com
Subject: syslog
Importance: Low
Hi all
One of the companies I support wants to implement a syslog strategy for all
their infrasturcture devices.. Unix boxes, windows server, cisco comms
devices. To hopefully capture all the logs, we're talking about lots of
logs, their domain servers log about 300K items a day!.. Unix boxes log
heaps too about 70K per day per server!.. They have around 80 unix server,
120 windows servers and about 150 comms devices.. Any idea what the best way
to go about this would be, also any suggestions of what log analysis
software to use?
Nhon
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary
material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to,
retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and
any attachment and all copies and inform the sender. Thank you.
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+
CryptoMail provides free end-to-end message encryption.
http://www.cryptomail.org/ Ensure your right to privacy.
Traditional email messages are not secure. They are sent as
clear-text and thus are readable by anyone with the motivation
to acquire a copy.
!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
Current thread:
- syslog Tran, Nhon (Sep 23)
- <Possible follow-ups>
- RE: syslog Anich, Ryan L (Sep 24)
- Re: syslog Thomas Harris (Sep 27)
- Re: syslog Ramon Kagan (Sep 30)
- Re: syslog Thomas Harris (Sep 27)
- RE: syslog Michael Shirk (Sep 25)
- RE: syslog R. Maheswaran (Sep 27)
- RE: syslog Clarke, Tyronne (Contractor) (Sep 28)