Honeypots mailing list archives
[Spam Quarantined]Re: centralizing logs
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 11 Mar 2004 11:37:15 -0500
There are several syslog gathering utilities that work okay. Most security devices support syslogging (although the Windows version of Honeyd doesn't). I'm not a big fan of the syslog standard because it doesn't decode messages enough, so all decoding and segmenting has to be done on the database engine that you hook to the syslog backend (that is collecting all the messages), but it's the only solution I have found to centralize all security logging. I've been pleased with Kiwi's Syslog daemon on the Windows side, but there are certainly lots of alternatives on all platforms.

Roger

********************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE:Security (NT/2000/2003/MVP), CNE (3/4), A+
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
********************************************************************************

----- Original Message -----
From: "dcneting" <zanoramy () streamyx com>
To: <honeypots () securityfocus com>
Sent: Thursday, March 11, 2004 7:44 AM
Subject: centralizing logs
Is there any tool (open source/commercial) that can be used to centralize every log into 1 database? I'm using a lot of tools here like Ethereal, tcpdump, Snort... bla bla bla... so it is hard for me to see the logs one by one...
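Roger's point above, that syslog hands the collector undecoded text and the splitting has to happen at the database end, as an added example that is not from either poster: a small Python parser that decodes BSD-style (RFC 3164) syslog lines from several tools into fields and loads them into one SQLite table, keeping lines that fail to parse rather than dropping them. The sample lines, hostnames and addresses are constructed, and the table layout is an assumption.

```python
import re
import sqlite3

# Constructed sample lines in BSD syslog (RFC 3164) form, as a central collector
# would receive them from several tools and hosts; not real captured data.
SAMPLE_LINES = [
    "<34>Mar 11 07:44:01 sensor1 snort[1234]: [1:1000001:1] Constructed test alert {TCP} 10.0.0.5:40000 -> 10.0.0.9:80",
    "<38>Mar 11 07:44:03 bastion sshd[771]: Failed password for invalid user test from 10.0.0.5 port 50122 ssh2",
    "<13>Mar 11 07:44:09 honey1 honeyd: constructed connection to 10.0.0.9 tcp port 23",
    "garbage line without a syslog header",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Layout: <PRI>TIMESTAMP HOST TAG[PID]: MSG (TAG is the program name, PID optional)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?:\s*(?P<msg>.*)$"
)

def parse_syslog_line(line):
    """Decode one syslog line into fields; return None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m or int(m.group("pri")) > 191:  # 191 is the largest legal PRI value
        return None
    rec = m.groupdict()
    pri = int(rec.pop("pri"))
    rec["facility"] = pri >> 3  # PRI = facility * 8 + severity
    rec["severity"] = SEVERITIES[pri & 7]
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec

def load_into_db(lines, path=":memory:"):
    """Decode lines into one events table; lines that fail parsing are kept raw."""
    conn = sqlite3.connect(path)
    conn.executescript("CREATE TABLE IF NOT EXISTS events (ts TEXT, host TEXT, program TEXT, pid INTEGER,"
                       " facility INTEGER, severity TEXT, msg TEXT); CREATE TABLE IF NOT EXISTS unparsed (raw TEXT);")
    for line in lines:
        rec = parse_syslog_line(line)
        if rec is None:
            conn.execute("INSERT INTO unparsed VALUES (?)", (line,))
        else:
            conn.execute("INSERT INTO events VALUES (?,?,?,?,?,?,?)", (rec["ts"], rec["host"],
                         rec["tag"], rec["pid"], rec["facility"], rec["severity"], rec["msg"]))
    conn.commit()
    return conn

def events_by_program(conn):
    """One query over every tool's output: event count per logging program."""
    return dict(conn.execute("SELECT program, COUNT(*) FROM events GROUP BY program"))
```

Pointing `load_into_db` at a file path instead of `:memory:` gives the single queryable database the original question asks for; the `unparsed` table shows which sources still need a decoder.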
Current thread:
- centralizing logs dcneting (Mar 11)
- [Spam Quarantined]Re: centralizing logs Roger A. Grimes (Mar 11)
- Re: centralizing logs SecurIT Informatique Inc. (Mar 11)
- RE: centralizing logs Aditya, ALD [Aditya Lalit Deshmukh] (Mar 12)
- Re: centralizing logs Michael Boman (Mar 13)
- <Possible follow-ups>
- RE: centralizing logs Polazzo Justin (Mar 15)