Honeypots mailing list archives

[Spam Quarantined]Re: centralizing logs


From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 11 Mar 2004 11:37:15 -0500

There are several syslog gathering utilities that work okay.  Most security
devices support syslogging (although the Windows version of Honeyd doesn't).
I'm not a big fan of the syslog standard because it doesn't decode messages
enough so all decoding and segmenting has to be done on the database engine
that you hook to the syslog backend (that is collecting all the messages),
but it's the only solution I have found to centralize all security logging.

I've been pleased with Kiwi's Syslog daemon on the Windows side, but there
are certainly lots of alternatives on all platforms.

Roger

********************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE:Security (NT/2000/2003/MVP), CNE (3/4), A+
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
*********************************************************************************
----- Original Message ----- 
From: "dcneting" <zanoramy () streamyx com>
To: <honeypots () securityfocus com>
Sent: Thursday, March 11, 2004 7:44 AM
Subject: centralizing logs


Is there any tool (open source/commercial) that can be used to centralize
every log into 1 database? I'm using a lot of tools here like ethereal,
tcpdump, snort... bla bla bla... so, it is hard for me to see the logs one by
one...

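Roger's point above is that syslog only frames a message (priority, timestamp, host, tag, free text); whatever structure the sending tool put into the text has to be recovered by the collector or the database it feeds. The following Python is an added example of that collector-side decoding, not code from the thread or from Kiwi, Snort or Honeyd: it parses RFC 3164 framing, hands the free text to a per-tag decoder (Snort-style alerts and sshd-style authentication failures are assumed formats here), keeps undecodable text as raw, and then correlates decoded events across tools by source address. The four sample log lines are constructed for the example.

```python
"""Collector-side decoding of raw RFC 3164 syslog lines into structured records.

Example code written for illustration, not from the original thread. The
message formats for the 'snort' and 'sshd' tags are assumed, and every sample
line at the bottom is constructed rather than captured from a real system.
"""
import re
from datetime import datetime

# RFC 3164 framing: <PRI>TIMESTAMP HOST TAG[PID]: MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[A-Za-z0-9_./-]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)

# Assumed Snort-style alert text: [gid:sid:rev] name [Classification: ..] [Priority: n]: {PROTO} src:port -> dst:port
SNORT_RE = re.compile(
    r"^\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<name>.+?) "
    r"\[Classification: (?P<classification>[^\]]+)\] "
    r"\[Priority: (?P<priority>\d+)\]:? "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Assumed sshd-style authentication failure text
SSHD_FAIL_RE = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port (?P<sport>\d+)"
)


def decode_snort(msg):
    """Turn a Snort-style alert line into typed fields, or None if it does not match."""
    m = SNORT_RE.match(msg)
    if not m:
        return None
    f = m.groupdict()
    for k in ("gid", "sid", "rev", "priority", "sport", "dport"):
        if f.get(k) is not None:
            f[k] = int(f[k])
    f["event"] = "ids_alert"
    return f


def decode_sshd(msg):
    """Turn an sshd-style failed-login line into typed fields, or None if it does not match."""
    m = SSHD_FAIL_RE.match(msg)
    if not m:
        return None
    f = m.groupdict()
    f["sport"] = int(f["sport"])
    f["event"] = "auth_failure"
    return f


# Decoders keyed by syslog TAG; tags without a decoder keep only the raw text.
DECODERS = {"snort": decode_snort, "sshd": decode_sshd}


def parse_syslog(line, year):
    """Split one raw syslog line into framing fields and decode MSG by tag.

    Returns None for lines that are not valid RFC 3164 frames so the caller can
    quarantine them instead of silently dropping them.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    g = m.groupdict()
    pri = int(g["pri"])
    # RFC 3164 timestamps carry no year, so the collector has to supply it.
    ts = datetime.strptime(f"{year} {g['ts']}", "%Y %b %d %H:%M:%S")
    record = {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": ts,
        "host": g["host"],
        "tag": g["tag"],
        "pid": int(g["pid"]) if g["pid"] else None,
        "raw": g["msg"],
        "fields": {},
    }
    decoder = DECODERS.get(g["tag"])
    if decoder:
        record["fields"] = decoder(g["msg"]) or {}
    return record


def ingest(lines, year):
    """Parse a batch of lines; returns (decoded records, rejected raw lines)."""
    records, rejected = [], []
    for line in lines:
        r = parse_syslog(line, year)
        if r is None:
            rejected.append(line)
        else:
            records.append(r)
    return records, rejected


def events_by_source(records):
    """Count decoded events per source IP across all tools, the cross-tool view
    the original question asks for."""
    counts = {}
    for r in records:
        src = r["fields"].get("src")
        if src:
            counts[src] = counts.get(src, 0) + 1
    return counts


# Constructed sample lines (not captured traffic); 192.0.2.0/24 is documentation space.
SAMPLE_LINES = [
    "<33>Mar 11 11:37:15 sensor1 snort[812]: [1:2003:4] SAMPLE scan rule "
    "[Classification: Attempted Information Leak] [Priority: 2]: "
    "{TCP} 192.0.2.10:4321 -> 192.0.2.80:80",
    "<38>Mar 11 11:37:16 bastion sshd[2145]: Failed password for invalid user admin "
    "from 192.0.2.10 port 40122 ssh2",
    "<13>Mar 11 11:37:17 honey1 honeyd: unknown-format line the collector cannot decode yet",
    "garbage without a PRI header",
]

if __name__ == "__main__":
    recs, bad = ingest(SAMPLE_LINES, 2004)
    for r in recs:
        print(r["host"], r["tag"], r["fields"] or r["raw"])
    print("rejected:", bad)
    print("events by source:", events_by_source(recs))
```

The honeyd line shows the failure mode Roger describes: the frame parses, but without a decoder for that tag the collector can only store the text, so every new tool means another decoder on the backend. Keeping the rejected lines separate rather than discarding them preserves evidence that a sender is emitting malformed frames.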