Security Basics mailing list archives

Re: syslog log collaboration


From: Glenn English <ghe () slsware com>
Date: 29 Jul 2003 09:43:56 -0600

On Tue, 2003-07-29 at 03:12, subscribe wrote:

1. I'm not sure which syslog daemon to choose: syslogd or syslog-ng.
   Any comments?

syslogd. Start it with the -r switch to have it listen on port 413, UDP.

2. I have to make the syslog daemon secure so that only the hosts I
chose can connect.
   Are there any whitepapers or recommendations on how to do this?

On Linux, use iptables or ipchains as a packet filter.

3. I need to have a good syslog analyzer to do the logs, report on email
or web.
   What is the best tool for this?

logwatch does a pretty good job. It's bundled with most Linux distros.

-- 
Glenn English
ghe () slsware com
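
One way to apply the packet-filter advice above, as an added example that is not part of the original post: a shell function that prints iptables rules admitting syslog traffic only from an allowlist of senders. The chain name SYSLOG_IN, the sample addresses, and the port value 514 (the IANA-registered syslog UDP port) are assumptions; set SYSLOG_PORT to the port your daemon actually listens on.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that restrict a syslog
# listener to chosen sender addresses. Review the output, then run it as root.

SYSLOG_PORT=514   # assumption: IANA-registered syslog/UDP port; adjust as needed

# is_ipv4 ADDR[/PREFIX]: succeed only for a well-formed IPv4 address or CIDR.
is_ipv4() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac   # digits, dots, slash only
    addr=${1%/*}
    prefix=${1#*/}
    if [ "$prefix" = "$1" ]; then prefix=32; fi  # no slash: single host
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $addr                                 # split into octets
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# syslog_rules SRC...: print the ruleset; fail before printing on a bad address.
syslog_rules() {
    [ $# -gt 0 ] || { echo "no sources given" >&2; return 1; }
    for src in "$@"; do
        is_ipv4 "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N SYSLOG_IN"
    for src in "$@"; do
        echo "iptables -A SYSLOG_IN -s $src -j ACCEPT"
    done
    # Anything not allowlisted is logged (rate-limited) and then dropped.
    echo "iptables -A SYSLOG_IN -m limit --limit 6/minute -j LOG --log-prefix \"syslog-denied: \""
    echo "iptables -A SYSLOG_IN -j DROP"
    echo "iptables -A INPUT -p udp --dport $SYSLOG_PORT -j SYSLOG_IN"
}

# Constructed sample senders (documentation address ranges).
syslog_rules 192.0.2.10 192.0.2.11 198.51.100.0/24
```

Because syslog over UDP has no sender authentication, a source-address filter only helps where spoofed packets cannot reach the collector, so keep the listener on a trusted network segment as well.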

