Re: syslog log collabration

[Simon Smith <simon () snosoft com>]

Actually Glenn, He might want more options.

To answer question 1.

If you want to use mysql templates and record system logs to a mysql 
database or do something funky like that then you should use 
syslog-ng.  Syslog-ng is a very powerful replacement for syslogd, however 
it has had quite a few security flaws/vulnerabilities in it. It will listen 
on port 514 UDP which is the standard syslogd listen port.  If you start it 
with the -s flag it will run in what I think is called secure mode and will 
not listen to incoming external UDP data. (Glen, port 413 is not the 
standard syslogd listen port, what were you talking about?  did I miss 
something?)

To answer question 2.

If your system is behind a firewall create rules that block port 514 UDP 
from any external hosts to your log host. If it is not you probably want to 
install or configure some sort of firewall on the local host.  I think that 
syslog-ng has some support for what hosts can connect to the listen port, 
but I am not certain...

To answer question 3.

Define good?   When you say you need to have a good tool for this what do 
you mean exactally?  What do you want this to do for you? Are you looking 
to purchase something?  How big is your network, how big is your company?


At 09:43 AM 7/29/2003 -0600, Glenn English wrote:
> On Tue, 2003-07-29 at 03:12, subscribe wrote:
>
> > 1. I'm not sure which syslog daemon to choose: syslogd or syslog-ng.
> >    Any comments?
>
> syslogd. Start it with the -r switch to have it listen on port 413, UDP.
>
> > 2. I have to make the syslog deamon secure so that only the hosts I
> > chose can connect.
> >    Is there any whitepapers or recommendations on how to do this?
>
> On Linux, use iptables or ipchains as a packet filter.
>
> > 3. I need to have a good syslog analyzer to do the logs, report on email
> > or web.
> >    What is the best tool for this?
>
> logwatch does a pretty good job. It's bundled with most Linux distros.
>
> --
> Glenn English
> ghe () slsware com
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------

Attachment: _bin
Description: