PaulDotCom mailing list archives
Re: Setting up a syslog server
From: Ralph Durkee <rd () rd1 net>
Date: Mon, 07 Jan 2013 10:18:39 -0500
You haven't given much background on why you want a syslog server. But you may want to consider if something like OSSEC.net would be a better and more complete solution. It's a multi-platform, host-based IPS with centralized monitoring. Open source as well!

-- Ralph Durkee

Xavier Mertens <xavier () rootshell be> wrote:

> Hi Robin,
>
> Consider using Syslog over TCP (+ TLS if you can't trust the network - can we? :-)). rsyslog has a nice feature to queue your events when the central rsyslog is not available.
>
> Alternatively, you can use Splunk in distributed mode: collect locally and send to a central Splunk server (http://blog.rootshell.be/2012/12/22/howto-distributed-splunk-architecture/). (Splunk may become expensive if >500MB of data is processed per day.)
>
> /x
>
> --
> Can't sleep, hackers will eat me!
> PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x42D006FD51AD7F2C
>
> On 07 Jan 2013, at 00:30, Robin Wood <robin () digininja org> wrote:
>
>> On 6 January 2013 21:54, Doug Burks <doug.burks () gmail com> wrote:
>>
>>> Hi Robin,
>>>
>>> One option would be to install Security Onion and enable ELSA. You'll automatically get syslog-ng and a nice web interface to hunt through your logs.
>>
>> I might do that as the server side, just need to figure out how to get various machines to send all their stuff to it.
>>
>> Robin
>>
>>> Thanks,
>>> Doug
>>>
>>> On Sunday, January 6, 2013, Robin Wood wrote:
>>>
>>>> Hi
>>>>
>>>> I'm going to be setting up a syslog server for the first time next week, can anyone recommend any good guides?
>>>>
>>>> I know there are quite a few out there but want a good, tested, one.
>>>>
>>>> Robin
>>>
>>> --
>>> Doug Burks
>>> http://securityonion.blogspot.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
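The syslog over TCP with TLS and the rsyslog queueing suggested in the quoted reply could be configured as below. This is an added example in rsyslog's legacy directive syntax, not part of the original thread or written by any of the posters. The hostname logs.example.com, the certificate paths under /etc/rsyslog.d/tls/, the spool directory and the 1g queue limit are assumptions, and the gtls driver requires rsyslog's GnuTLS module to be installed.

```conf
# ---- Client: /etc/rsyslog.d/forward.conf (file name is an assumption) ----
# TLS transport; verify the server certificate against our CA.
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile   /etc/rsyslog.d/tls/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog.d/tls/client-cert.pem
$DefaultNetstreamDriverKeyFile  /etc/rsyslog.d/tls/client-key.pem

# Mode 1 = TLS only. x509/name rejects a server whose certificate
# name does not match the permitted peer (anon would accept any peer).
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer logs.example.com

# Disk-assisted queue: events are held locally while the central
# server is unreachable and sent once it comes back.
$WorkDirectory /var/spool/rsyslog
$ActionQueueType LinkedList
$ActionQueueFileName fwd_central
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1      # retry forever instead of dropping

# @@ = TCP (a single @ would be UDP). 6514 is the syslog-over-TLS port.
*.* @@logs.example.com:6514

# ---- Server: /etc/rsyslog.d/receive.conf (file name is an assumption) ----
$ModLoad imtcp
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile   /etc/rsyslog.d/tls/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog.d/tls/server-cert.pem
$DefaultNetstreamDriverKeyFile  /etc/rsyslog.d/tls/server-key.pem

# Require TLS and accept only clients whose certificate was issued
# by our CA and carries a name under example.com.
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.com
$InputTCPServerRun 6514
```

Running `rsyslogd -N1` on each host validates the configuration before the daemon is restarted.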
Current thread:
- Setting up a syslog server Robin Wood (Jan 06)
- Re: Setting up a syslog server Brett (Jan 06)
- Re: Setting up a syslog server Robin Wood (Jan 06)
- Re: Setting up a syslog server Carlos Perez (Jan 06)
- Re: Setting up a syslog server Robin Wood (Jan 06)
- Re: Setting up a syslog server Doug Burks (Jan 06)
- Re: Setting up a syslog server Robin Wood (Jan 06)
- Re: Setting up a syslog server Xavier Mertens (Jan 07)
- Re: Setting up a syslog server Ralph Durkee (Jan 07)
- Re: Setting up a syslog server Robin Wood (Jan 07)
- Re: Setting up a syslog server Champ Clark III (Jan 07)
- Re: Setting up a syslog server Tom Handlon (Jan 07)
- Re: Setting up a syslog server Robin Wood (Jan 06)
- Re: Setting up a syslog server Brett (Jan 06)
- Re: Setting up a syslog server Albert R. Campa (Jan 07)
- Re: Setting up a syslog server John Franklin (Jan 07)
- Re: Setting up a syslog server Robin Wood (Jan 07)