PaulDotCom mailing list archives

Re: Setting up a syslog server


From: Champ Clark III <cclark () quadrantsec com>
Date: Mon, 07 Jan 2013 11:14:24 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


It's not that hard to set up a syslog-ng/rsyslog server to simply
collect logs.

If you want to "detect" bad things via the log, check out the Sagan
log analysis engine. If you're familiar with Snort, then you already
know Sagan (basically). That project is at http://sagan.quadrantsec.com

> Unfortunately I can't give too much away as it is part of a
> commercial project, at the moment they just want me to evaluate how
> easy it is to set up and then gain an idea of how much data is
> generated each day.
>
> I'll have a look at OSSEC as well but I think from what I've been
> told that a simple syslog server with Snare to grab logs from
> Windows will do what they want.
>
> Robin



-- 
- Champ Clark III (cclark () quadrantsec com)
  Quadrant Information Security (http://quadrantsec.com)
  Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
  GPG Key ID: 0381878A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/

-----END PGP SIGNATURE-----
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com