PaulDotCom mailing list archives
Re: Setting up a syslog server
From: Xavier Mertens <xavier () rootshell be>
Date: Mon, 7 Jan 2013 14:58:45 +0100
Hi Robin,

Consider using Syslog over TCP (+ TLS if you can't trust the network - can we? :-)

rsyslog has a nice feature to queue your events when the central rsyslog is not available.

Alternatively, you can use Splunk in distributed mode: collect locally and send to a central Splunk server (http://blog.rootshell.be/2012/12/22/howto-distributed-splunk-architecture/)
(Splunk may become expensive if >500MB of data processed per day)

/x

--
Can't sleep, hackers will eat me!
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x42D006FD51AD7F2C

On 07 Jan 2013, at 00:30, Robin Wood <robin () digininja org> wrote:
> On 6 January 2013 21:54, Doug Burks <doug.burks () gmail com> wrote:
>> Hi Robin,
>>
>> One option would be to install Security Onion and enable ELSA. You'll automatically get syslog-ng and a nice web interface to hunt through your logs.
>
> I might do that as the server side, just need to figure out how to get various machines to send all their stuff to it.
>
> Robin
>
>> Thanks,
>> Doug
>>
>> On Sunday, January 6, 2013, Robin Wood wrote:
>>> Hi
>>>
>>> I'm going to be setting up a syslog server for the first time next week, can anyone recommend any good guides? I know there are quite a few out there but want a good, tested, one.
>>>
>>> Robin
>>
>> --
>> Doug Burks
>> http://securityonion.blogspot.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
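An added example, not part of the original thread: a client-side rsyslog forwarding rule combining the two suggestions in the message above (TCP with TLS, and queueing events while the central server is unreachable). The host name `logs.example.internal`, the file paths, the queue name and the size limit are assumptions; the syntax is rsyslog's RainerScript form and the `gtls` driver needs the `rsyslog-gnutls` package.

```conf
# /etc/rsyslog.d/60-forward.conf  (client side; file name is an assumption)

global(
    # Spool directory for the on-disk part of the queue (assumed path).
    workDirectory="/var/spool/rsyslog"
    # Use the GnuTLS network stream driver and trust only this CA.
    defaultNetstreamDriver="gtls"
    defaultNetstreamDriverCAFile="/etc/rsyslog.d/ca.pem"   # assumed CA path
)

# Weak form, shown for comparison only: UDP, cleartext, events are
# silently lost whenever the central server is down.
# *.* @logs.example.internal:514

# Hardened form: TCP + TLS with the server certificate checked
# against the expected name, plus a disk-assisted queue.
action(
    type="omfwd"
    target="logs.example.internal"      # assumed central server name
    port="6514"                         # IANA-registered syslog-over-TLS port
    protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"                # 1 = TLS only, no plaintext fallback
    StreamDriverAuthMode="x509/name"    # validate the peer certificate and its name
    StreamDriverPermittedPeers="logs.example.internal"

    # In-memory queue that spills to disk while the target is unavailable.
    queue.type="LinkedList"
    queue.filename="fwd_central"        # setting a file name enables disk assistance
    queue.maxDiskSpace="1g"             # cap spool usage so a long outage cannot fill the disk
    queue.saveOnShutdown="on"           # keep queued events across a restart
    action.resumeRetryCount="-1"        # retry forever instead of discarding
)
```

`rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.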
Current thread:
- Setting up a syslog server Robin Wood (Jan 06)
- Re: Setting up a syslog server Brett (Jan 06)
- Re: Setting up a syslog server Robin Wood (Jan 06)
- Re: Setting up a syslog server Carlos Perez (Jan 06)
- Re: Setting up a syslog server Robin Wood (Jan 06)
- Re: Setting up a syslog server Doug Burks (Jan 06)
- Re: Setting up a syslog server Robin Wood (Jan 06)
- Re: Setting up a syslog server Xavier Mertens (Jan 07)
- Re: Setting up a syslog server Ralph Durkee (Jan 07)
- Re: Setting up a syslog server Robin Wood (Jan 07)
- Re: Setting up a syslog server Champ Clark III (Jan 07)
- Re: Setting up a syslog server Tom Handlon (Jan 07)
- Re: Setting up a syslog server Robin Wood (Jan 06)
- Re: Setting up a syslog server Brett (Jan 06)
- Re: Setting up a syslog server Albert R. Campa (Jan 07)
- Re: Setting up a syslog server John Franklin (Jan 07)
- Re: Setting up a syslog server Robin Wood (Jan 07)