Firewall Wizards mailing list archives
Re: syslog and network management
From: "Darden, Patrick S." <darden () armc org>
Date: Wed, 20 Feb 2008 14:02:05 -0500
Nad,

You seemed to be asking 3 questions:

1. Is it a good idea to have a centralized log server for a plethora of devices and servers? My answer is yes--it is considered best practice.

2. Is it a good idea to have other server services like NTP on the box? My answer is no. You should turn off all services that aren't absolutely necessary for reasons of security. Most servers I would say sure--go ahead. But one of the main reasons for having a centralized log server is for security. Put a firewall on that box. Turn off extra services. Keep it locked up tight. You will be happy when you have to consult it for a routine audit, happier when HR or Admin needs to know something for sure, and even happier when the FBI or whomever shows up with a warrant or a court order.

3. Performance-wise, is there anything special needed? Not really. It depends on the size of the network, number of devices, how much detail you are recording, etc. What you describe is a good basis for starting. Probably the three best things you could do would be: dual core CPU (any decent GHz), a great NIC (or two, lots of UDP bursts from syslog), and lots of storage (you would want to keep at least 1 year in local drive space).

--Patrick Darden
--ARMC

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com]On Behalf Of shadow floating
Sent: Tuesday, February 19, 2008 3:52 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] syslog and network management

thanks a lot patrick,

I was not actually asking about the centralized log server issue as I believe in it...but is it appropriate to add firewall and router management applications to be installed onto that server, like ciscoworks and the like?..or it's better to add another separate management machine in addition to the syslog machine from the security point of view

thanks a lot
Nad

On Feb 19, 2008 8:35 PM, Darden, Patrick S. <darden () armc org> wrote:
Having a centralized log server is actually defined as best practice. It is generally felt that it should only be the log server though, all other services turned off, firewall in place, etc. so it can be inviolate for all auditing, legal procedures, security traces, etc.

The case for centralized logging: http://ebuzzsaw.com/whitePapers/Case_for_Centralize_Logging.htm

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com]On Behalf Of shadow floating
Sent: Tuesday, February 19, 2008 10:20 AM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] syslog and network management

Hi all,

is it appropriate from security point of view to have one server in which syslog is installed to collect logs from all network devices (firewalls, switches and routers), in addition to installing management software like ciscoworks on the same machine, in addition to using this machine as a network time server to sync all network devices? If yes, does anyone recommend certain specs for this machine or can it be an ordinary machine with 1 GB of memory and 512 GB hard disk and 3.2 GHz processor?

thanks a lot
regards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
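An added example, not part of the thread or any poster's own code: one way to check the "turn off all services that aren't absolutely necessary" advice on a dedicated log host by comparing its listening sockets with an allow-list. The allow-list (syslog on 514/udp and 514/tcp, SSH on 22/tcp), the function names and the sample `ss` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a dedicated log host for listeners beyond syslog and SSH.
# ALLOWED is an assumption (syslog on 514/udp and 514/tcp, SSH on 22/tcp);
# adjust it to what the log host really needs.
ALLOWED="udp/514 tcp/514 tcp/22"

# Reads `ss -H -tuln` output on stdin and prints "proto/port address" for each
# listener that is not in ALLOWED. Loopback-only listeners are skipped because
# they are not reachable from the network.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 5 {
            port = $5; sub(/.*:/, "", port)        # text after the last colon
            host = $5; sub(/:[^:]*$/, "", host)    # text before the last colon
            if (host ~ /^127\./ || host == "[::1]") next
            key = $1 "/" port
            if (!(key in ok)) print key, host
        }'
}

# Constructed sample of `ss -H -tuln` output from a log host that also runs
# an NTP daemon (123/udp) and a management web interface (443/tcp).
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:514        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:123        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
EOF
}

audit_sample() { sample_ss_output | unexpected_listeners; }

# On a real host: ss -H -tuln | unexpected_listeners
audit_sample
```

An empty result means only the allow-listed services are reachable from the network; any line printed is a service to disable or move to a separate machine.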