Firewall Wizards mailing list archives

Re: Centrallizing logs


From: Rudy_D_Pereda () mail dbf state fl us
Date: Thu, 12 Sep 2002 15:44:12 -0400


MP,
Couldn't be that lucky, we still run IIS(4). On the NT side, have you used
any software to redirect NT event logs to a syslog server?

And thanks for your 2 cents. Much appreciated.

rdp


m p <sumirati@yahoo.de>
09/12/2002 03:20 PM

To: Rudy_D_Pereda () mail dbf state fl us, firewall-wizards () nfr com, firewall-wizards-admin () honor icsalabs com
cc:
Subject: Re: [fw-wiz] Centrallizing logs




--- Rudy_D_Pereda () mail dbf state fl us wrote:
> I would like to centralize my logs to one server.  The OS that I would be
> using would be FreeBSD 4.6.  My environment consists of cisco
> routers/firewalls, freebsd running ipfilter and web servers running on NT.
> I have two questions: 1) What syslog do you recommend?, 2) what software do
> you recommend to check logs?
>
> Any info will be much appreciated,
>
> thanks to all in advance,
>
> rdp



As for the ciscos: They report all things via syslog.
As for ipfilter on FreeBSD: Via ipmon you can utilize syslog.
As for the web servers: Which one are you running? Apache can be talked
into logging via syslog. I checked for IIS 4 (we are still running some of
them here *sigh*) - it can of course not log to anything else than a file.
Perhaps IIS 5 can do it - or you are not running IIS at all (if you are
lucky).

For the questions:
1) I'm not a code monkey anymore. That was some years back in time ;). But
the functionality and handling of syslog-ng is ok for me. The quality of the
code is better approved by someone else.
2) Analog is quite handy. Originally it is a web server log analyser. Some
people wrote scripts so that you can analyse your
ipf/BIND/sendmail/qmail/postfix logs as if they were web logs. Or you write
your own script to convert your logs to what you want. Or use Perl and time
to create a log tool to match _your_ requirements. The requirements may
differ extremely.

Just my 2 cents.

Marc


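The "write your own script to convert your logs" idea from the quoted reply, as an added example that is not code from the thread: it turns ipmon lines collected by syslog into Common Log Format so a web-log analyser can read them. The ipmon line layout, the field mapping, the status codes, the `+0000` offset and all function names are assumptions made for illustration; the sample lines are constructed.

```python
import re
from datetime import datetime

# Assumed layout of an ipmon line as it arrives through syslog:
# Mon DD HH:MM:SS host ipmon[pid]: time [Nx] if @grp:rule act src[,port] -> dst[,port] PR proto len hdr total ...
IPMON = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ ipmon\[\d+\]: "
    r"\S+ (?:\d+x )?(?P<ifname>\S+) @\d+:\d+ (?P<action>[A-Za-z]) "
    r"(?P<src>[\d.]+)(?:,(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?:,(?P<dport>\d+))? "
    r"PR (?P<proto>\w+) len \d+ (?P<total>\d+)"
)

# Arbitrary convention for this example: pass -> 200, block -> 403, anything else -> 404.
STATUS = {"p": 200, "b": 403}

def ipmon_to_clf(line, year, tz="+0000"):
    """Return one Common Log Format line, or None if the input is not an ipmon record."""
    m = IPMON.match(line)
    if m is None:
        return None
    # Syslog timestamps carry no year, so the caller supplies it.
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    # Every field comes from a restricted character class, so a crafted log line
    # cannot place quotes or spaces inside the quoted request field.
    request = f"{m['proto'].upper()} /{m['dst']}:{m['dport'] or '-'} {m['ifname']}"
    status = STATUS.get(m["action"], 404)
    return f"{m['src']} - - [{ts:%d/%b/%Y:%H:%M:%S} {tz}] \"{request}\" {status} {m['total']}"

def convert(lines, year):
    """Split input into converted records and rejected lines (kept, not silently dropped)."""
    out, rejected = [], []
    for line in lines:
        clf = ipmon_to_clf(line.rstrip("\n"), year)
        (out if clf else rejected).append(clf or line)
    return out, rejected

# Constructed sample input: a blocked TCP packet, a passed ICMP packet, an unrelated line.
SAMPLE = [
    "Sep 12 15:20:01 fw1 ipmon[245]: 15:20:00.927341 fxp0 @0:12 b 192.0.2.10,4321 -> 198.51.100.5,80 PR tcp len 20 48 -S IN",
    "Sep 12 15:20:03 fw1 ipmon[245]: 15:20:02.100200 2x fxp0 @0:3 p 192.0.2.77 -> 198.51.100.5 PR icmp len 20 84 icmp echo/0 IN",
    "Sep 12 15:20:04 fw1 cron[900]: (root) CMD (newsyslog)",
]

if __name__ == "__main__":
    converted, rejected = convert(SAMPLE, 2002)
    print("\n".join(converted))
    print(f"{len(rejected)} line(s) not recognised as ipmon records")
```

Rejected lines are returned rather than discarded so that a format change on the firewall shows up as a count instead of as missing traffic in the report.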