[Dshield] Opinions on Central Logging Systems

McKinlay, Ken ken.mckinlay at dy4.com
Tue Oct 15 13:48:13 GMT 2002


I am currently using a central syslog server with swatch to monitor the logs
from our internal systems. It has been informative (and a little shocking)
to see the problems I have been missing. I haven't implemented the system
for my service network systems since I am not too sure how I want the data
to be punched through the firewall. The other problem I have is whether to
stick with the stock syslog or use syslog-ng or something similar. I would
love to have some sort of non-repudiation (e.g. signatures, md5 hash) so I
know that the data has not been tampered with en route.

For snort logs, I've been using ACID to manage the data from the 2 passive
monitoring sensors. One in the DMZ and another in between our internal
router and the firewall.

Ken McKinlay, GCIA
Network Security, Dy 4 Systems
613-599-9199 x5506
ken.mckinlay at dy4.com


> -----Original Message-----
> From: Tony Carothers [mailto:tony_carothers at vivato.net]
> Sent: Monday, October 14, 2002 12:58
> To: list at dshield.org
> Subject: [Dshield] Opinions on Central Logging Systems
> 
> 
> Since it seems to be a slow morning, I would like to throw out a thought
> for general discussion.......
> 
> I am currently considering several systems for central logging of
> alerts, log files, and other security events. Does anybody out there
> have any thoughts or opinions, good or bad, they would care to share?
> 
> 
> Tony Carothers
> Network Administrator
> Vivato, Inc.
> tony_carothers at vivato.net
> 509-343-6001
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 
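Ken's wish for tamper evidence on log data in transit is the part of this thread a practitioner can actually build. An unkeyed digest (such as an md5 sum sent alongside each line) does not help on its own, since whoever alters the line can recompute the hash; what gives tamper evidence is a keyed MAC chained across consecutive records, so that modification, reordering, or silent deletion of a line breaks the chain at the collector. The example below is added here and is not code from the original posting or from any of the tools it mentions (syslog, syslog-ng, swatch, ACID); the key, the sample syslog lines, and the function names are constructed for illustration.

```python
"""Tamper-evident forwarding of syslog lines using an HMAC hash chain.

Hypothetical relay/collector example. Assumes a pre-shared key (KEY below
is a constructed placeholder) and syslog lines handled as plain strings.
"""
import hashlib
import hmac

# Constructed placeholder; a real deployment provisions a random key per relay.
KEY = b"example-shared-key-replace-me"

# Constructed sample syslog lines, in the shape a relay might forward them.
SAMPLE_LINES = [
    "Oct 15 13:40:01 fw1 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP DPT=23",
    "Oct 15 13:40:07 fw1 sshd[2211]: Failed password for root from 10.0.0.5 port 40122 ssh2",
    "Oct 15 13:40:09 fw1 sshd[2211]: Failed password for root from 10.0.0.5 port 40123 ssh2",
]


def _mac(key, prev_mac, seq, line):
    """HMAC-SHA256 over (previous MAC || sequence number || line text)."""
    msg = prev_mac + seq.to_bytes(8, "big") + line.encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_lines(key, lines, start_seq=0):
    """Relay side: wrap each line as (seq, line, mac), chaining each MAC to the last."""
    records = []
    prev = b""
    for seq, line in enumerate(lines, start=start_seq):
        mac = _mac(key, prev, seq, line)
        records.append((seq, line, mac))
        prev = bytes.fromhex(mac)
    return records


def verify_chain(key, records, start_seq=0):
    """Collector side: return None if the chain is intact, else the index of the
    first record that fails (modified text, wrong key, gap, or reordering)."""
    prev = b""
    expected_seq = start_seq
    for idx, (seq, line, mac) in enumerate(records):
        if seq != expected_seq:
            return idx  # a record was dropped or reordered
        if not hmac.compare_digest(mac, _mac(key, prev, seq, line)):
            return idx  # line text or MAC was altered, or key mismatch
        prev = bytes.fromhex(mac)
        expected_seq += 1
    return None


if __name__ == "__main__":
    signed = sign_lines(KEY, SAMPLE_LINES)
    print("intact chain ->", verify_chain(KEY, signed))
    tampered = list(signed)
    seq, line, mac = tampered[1]
    tampered[1] = (seq, line.replace("root", "admin"), mac)
    print("tampered record index ->", verify_chain(KEY, tampered))
```

The sequence number is what turns a per-line MAC into a chain that also detects deletion; without it, an attacker on the path could drop the line showing a failed login and the collector would still see only valid MACs. The key must reach the collector over a channel other than the log stream itself, otherwise the scheme reduces to the unkeyed hash it is meant to replace.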