Firewall Wizards mailing list archives
Re: Centralizing logs
From: Rudy_D_Pereda () mail dbf state fl us
Date: Thu, 12 Sep 2002 15:44:12 -0400
MP,

Couldn't be that lucky, we still run IIS(4). On the NT side, have you used any software to redirect NT event logs to a syslog server? And thanks for your 2 cents. Much appreciated.

rdp

m p <sumirati@yahoo.de>
09/12/2002 03:20 PM

To: Rudy_D_Pereda () mail dbf state fl us, firewall-wizards () nfr com, firewall-wizards-admin () honor icsalabs com
cc:
Subject: Re: [fw-wiz] Centralizing logs

--- Rudy_D_Pereda () mail dbf state fl us wrote:

> I would like to centralize my logs to one server. The OS that I would be using would be FreeBSD 4.6. My environment consists of Cisco routers/firewalls, FreeBSD running ipfilter and web servers running on NT.
>
> I have two questions: 1) What syslog do you recommend? 2) What software do you recommend to check logs?
>
> Any info will be much appreciated, thanks to all in advance,
> rdp

As for the Ciscos: They report all things via syslog.

As for ipfilter on FreeBSD: Via ipmon you can utilize syslog.

As for the web servers: Which one are you running? Apache can be talked into logging via syslog. I checked for IIS 4 (we are still running some of them here *sigh*) - it can of course not log to anything else than to a file. Perhaps IIS 5 can do it - or you are not running IIS at all (if you are lucky).

For the questions:

1) I'm not a code monkey anymore. That was some years back in time ;). But the functionality and handling of syslog-ng is ok for me. The quality of the code is better approved by someone else.

2) Analog is quite handy. Originally it is a web server log analyser. Some people wrote scripts so that you can analyse your ipf/BIND/sendmail/qmail/postfix as if they were web logs. Or you write your own script to convert your logs to what you want. Or use Perl and time to create a log tool to match _your_ requirements. The requirements may differ extremely.

Just my 2 cents.

Marc

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards