Firewall Wizards mailing list archives

Re: Centralizing logs


From: m p <sumirati () yahoo de>
Date: Thu, 12 Sep 2002 21:20:48 +0200 (CEST)

--- Rudy_D_Pereda () mail dbf state fl us wrote:
> I would like to centralize my logs to one server.  The OS that I would be
> using would be FreeBSD 4.6.  My environment consists of cisco
> routers/firewalls, freebsd running ipfilter and web servers running on NT.
> I have two questions: 1) What syslog do you recommend?, 2) what software do
> you recommend to check logs?
>
> Any info will be much appreciated,
>
> thanks to all in advance,
>
> rdp



As for the Ciscos: They report all things via syslog.
As for ipfilter on FreeBSD: Via ipmon you can utilize syslog.
As for the web servers: Which one are you running? Apache can be talked into
logging via syslog. I checked for IIS 4 (we are still running some of them here
*sigh*) - it can of course not log to anything other than a file. Perhaps IIS
5 can do it - or you are not running IIS at all (if you are lucky).

For the questions:
1) I'm not a code monkey anymore. That was some years back in time ;). But the
functionality and handling of syslog-ng is ok for me. The quality of the code
is better approved by someone else.
2) Analog is quite handy. Originally it is a web server log analyser. Some
people wrote scripts so that you can analyse your ipf/BIND/sendmail/qmail/postfix
logs as if they were web logs. Or you write your own script to convert your logs to
what you want. Or use Perl and time to create a log tool to match _your_
requirements. The requirements may differ extremely.

Just my 2 cents.

Marc

