Security Basics mailing list archives
Re: Syslog events
From: Nathaniel Hall <halln () otc edu>
Date: Tue, 30 Nov 2004 16:55:31 -0600
I am unsure about file permissions, but I can tell you what we do with our syslog server. We have approximatly 70 servers, 15 of which log to the syslog server (all Linux servers and a firewall). To prevent not logging an event we want, we send all syslog messages (*.*) to the logging server. From there, we split the different types of logs into the different files. If you do this, make sure you watch the server load and make sure that messages are not being dropped or lost due to too many messages being sent on a small pipe or on a slow network.
Nathaniel Hall, GSEC Intrusion Detection and Firewall Technician Ozarks Technical Community College -- Office of Computer Networking halln () otc edu 417-447-7535 Juan B wrote:
Hi, I set up a syslog server on my network. on the linux machines I put the line:security.* @loghost know when I issue the command (for example) su- i see an event on the syslog. I want that also filepermmissions will be loged in the syslog. also,what do you think I need to log to the syslog? on windows and linux machines ( hope it wont kill my syslog). thnaks,__________________________________ Do you Yahoo!? The all-new My Yahoo! - What will yours do? http://my.yahoo.com
Current thread:
- Re: Syslog events Nathaniel Hall (Nov 30)