Security Basics mailing list archives
Re: syslog log collabration
From: Papapanagiotoy Theofilos <theofpa () otenet gr>
Date: Wed, 30 Jul 2003 10:14:18 +0000
Glenn English wrote:
> On Tue, 2003-07-29 at 03:12, subscribe wrote:
> > 1. I'm not sure which syslog daemon to choose: syslogd or syslog-ng. Any comments?
I would recommend msyslogd (modular syslogd). I really like its modules, supporting mysql, regular expressions, etc. Currently, my centralized syslog has reached 873 MB in database, logging from 34 hosts (win, linux, solaris, with many services running on the machines) for about 2 months. On average it collects 70.000 syslog messages per day.
> syslogd. Start it with the -r switch to have it listen on port 413, UDP.
syslog:~# grep syslog /etc/services
syslog          514/udp
> > 2. I have to make the syslog daemon secure so that only the hosts I chose can connect. Are there any whitepapers or recommendations on how to do this?
> On Linux, use iptables or ipchains as a packet filter.
> > 3. I need to have a good syslog analyzer to do the logs, report on email or web. What is the best tool for this?
> logwatch does a pretty good job. It's bundled with most Linux distros.
logwatch is great, but for Windows machines/services logs, you have to write your own shell (or better, Perl) scripts. A PHP interface connecting to MySQL and selecting logs using various parameters could be useful for your sysadmins.

Papapanagiotoy Theofilos
theofpa () otenet gr
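The reply above says that for logs logwatch does not understand you end up writing your own script, and that restricting the collector to chosen hosts is done with a packet filter. The following is an added example (not code from the thread or from msyslogd, logwatch or any other project named here) of such a script: a small logwatch-style summariser for classic RFC 3164 lines of the form `<PRI>TIMESTAMP HOST TAG[PID]: MSG`, the format a syslogd listening on 514/udp receives. It decodes the PRI field into facility and severity, counts messages per host and severity, flags hosts that are not on an allow list (a log-side check that complements the iptables rule; it cannot replace it, because a UDP sender can forge the HOST field), and lists failed SSH logins. The sample lines and the host names `fw1`, `web1`, `db1` and `rogue` are constructed for the example. Python is used here instead of the Perl the reply suggests.

```python
"""Tiny logwatch-style summariser for RFC 3164 syslog lines.

Added example, not code from the thread. Sample lines below are constructed.
"""
import re
from collections import Counter

# Facility and severity names per RFC 3164; PRI = facility * 8 + severity
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOST TAG[PID]: MSG  -- the classic BSD syslog line format
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?:\s?"
    r"(?P<msg>.*)$"
)


def parse_line(line):
    """Return a dict of fields for one syslog line, or None if it does not parse."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI value
        return None
    return {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "msg": m.group("msg"),
    }


def summarize(lines, allowed_hosts):
    """Aggregate parsed lines the way a nightly log report would."""
    allowed = set(allowed_hosts)
    report = {
        "per_host": Counter(),
        "per_severity": Counter(),
        "unknown_hosts": set(),  # HOST field not on the allow list (hostname is sender-supplied)
        "failed_logins": [],
        "unparsed": 0,
    }
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            report["unparsed"] += 1
            continue
        report["per_host"][rec["host"]] += 1
        report["per_severity"][rec["severity"]] += 1
        if rec["host"] not in allowed:
            report["unknown_hosts"].add(rec["host"])
        if rec["tag"] == "sshd" and rec["msg"].startswith("Failed password"):
            report["failed_logins"].append((rec["host"], rec["msg"]))
    return report


def render(report):
    """Plain-text report, suitable for mailing to the admins."""
    out = ["Messages per host:"]
    for host, n in sorted(report["per_host"].items()):
        out.append(f"  {host:<10} {n}")
    out.append("Messages per severity:")
    for sev in SEVERITIES:
        if report["per_severity"][sev]:
            out.append(f"  {sev:<10} {report['per_severity'][sev]}")
    if report["unknown_hosts"]:
        out.append("Hosts not on the allow list: " + ", ".join(sorted(report["unknown_hosts"])))
    for host, msg in report["failed_logins"]:
        out.append(f"Failed login on {host}: {msg}")
    out.append(f"Unparsed lines: {report['unparsed']}")
    return "\n".join(out)


# Constructed sample input, not real log data
SAMPLE_LINES = [
    "<34>Jul 30 10:14:18 fw1 sshd[1234]: Failed password for root from 10.0.0.5 port 2222 ssh2",
    "<86>Jul 30 10:14:20 web1 sshd[1240]: Accepted publickey for admin from 10.0.0.7 port 51000 ssh2",
    "<13>Jul 30 10:15:01 db1 CRON[2001]: (root) CMD (run-parts /etc/cron.hourly)",
    "<30>Jul 30 10:15:05 rogue nagios: service check ok",
    "this line is not syslog at all",
]
ALLOWED_HOSTS = ["fw1", "web1", "db1"]

if __name__ == "__main__":
    print(render(summarize(SAMPLE_LINES, ALLOWED_HOSTS)))
```

Run it directly to see the report for the constructed lines; in practice you would feed it `/var/log/messages` (or a `SELECT` from the msyslogd MySQL table) and mail the output. Lines that do not match the format are counted rather than dropped silently, so a sender that emits something other than BSD syslog shows up in the report instead of vanishing.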
Current thread:
- syslog log collabration subscribe (Jul 29)
- Re: syslog log collabration Glenn English (Jul 29)
- Re: syslog log collabration oneyed (Jul 30)
- <Possible follow-ups>
- Re: syslog log collabration Papapanagiotoy Theofilos (Jul 30)