[Dshield] Managing multiple reporting sources

Wayne Larmon wlarmon at dshield.org
Sat Jun 14 03:00:31 GMT 2003


> What about logging to a single syslog server and submitting *that* log?

If you use Kiwi Syslog Daemon to collect all the syslogs to a Windows
machine (http://www.dshield.org/clients/kiwi_setup.php), you then can use our
CVTWIN (http://www.dshield.org/windows_clients.php) to convert the Kiwi log.
Configure CVTWIN to convert 'Kiwi Syslog Daemon (All formats)'.  CVTWIN will
run each log line through all the Kiwi converters and will pass along the
results from the first successful conversion.  So it *should* be able to
convert a single Kiwi log that has logs from multiple machines.  (I don't
know if anybody is actually using CVTWIN like this.  But it is supposed to
work, and if it doesn't, then I'd like to hear about it.)

If you log to a *NIX machine, then you'd have more work.  None of the *NIX
framework clients are set up to parse for more than one log type.  But it
shouldn't be too difficult to get our 'Framework development kit' and
combine whichever of the parsers you need to make a custom client that does
the same thing that CVTWIN does.

Wayne Larmon
DShield.org

> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
> Behalf Of Nels Lindquist
> Sent: Thursday, June 12, 2003 8:00 AM
> To: list at dshield.org
> Subject: [Dshield] Managing multiple reporting sources
>
> ***cut***
> My company has a couple of other machines on different networks which
> *could* report, but I'm trying to figure out the best way of doing
> this.
> ***cut***
>
> Is there a better way to do it?
>
> ----
> Nels Lindquist <*>
> Information Systems Manager
> Morningstar Air Express Inc.
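The "run each line through all the converters, pass along the first successful conversion" behaviour Wayne describes for CVTWIN, and suggests rebuilding from the framework parsers on *NIX, is simple to sketch. The following is an added illustration, not CVTWIN, the DShield framework kit, or any DShield code. The sample log lines are constructed; the netfilter-style and PIX-style formats they use, the regexes that parse them, and the tab-separated output layout are all approximations chosen for the example, not DShield's converters or its submission format.

```python
"""Chain of per-format log converters over one combined syslog file.

The first converter that recognises a line wins; lines nobody recognises are
collected rather than silently dropped.  Illustrative re-implementation of the
behaviour described for CVTWIN, not DShield code.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

Record = Dict[str, str]
Converter = Callable[[str], Optional[Record]]

# Constructed sample of one combined syslog file as a central collector might
# write it: two hosts log in a netfilter-style format, one in a PIX-style
# format, and one line is an unrelated sshd message.  Formats are approximations.
SAMPLE_LOG = """\
2003-06-12 08:00:01 fw1 kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=4312 DPT=445 SYN
2003-06-12 08:00:02 pix1 %PIX-4-106023: Deny tcp src outside:192.0.2.11/3333 dst inside:198.51.100.6/135
2003-06-12 08:00:03 fw1 sshd[123]: Accepted publickey for ops from 198.51.100.9
2003-06-12 08:00:04 fw2 kernel: IN=eth1 OUT= SRC=192.0.2.12 DST=198.51.100.7 PROTO=UDP SPT=53 DPT=1434
"""

# Syslog prefix as the constructed collector writes it: date, time, hostname.
_PREFIX = r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) "

NETFILTER_RE = re.compile(
    _PREFIX + r"kernel: .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?"
    r"PROTO=(?P<proto>\w+) SPT=(?P<sport>\d+) DPT=(?P<dport>\d+)"
)
PIX_RE = re.compile(
    _PREFIX + r"%PIX-\d-106023: Deny (?P<proto>\w+) "
    r"src \w+:(?P<src>[\d.]+)/(?P<sport>\d+) dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def _from_match(m: Optional["re.Match[str]"]) -> Optional[Record]:
    """Normalise a regex match into one record, or None if the line did not match."""
    if m is None:
        return None
    rec = m.groupdict()
    rec["proto"] = rec["proto"].upper()  # consistent protocol spelling across formats
    return rec


def convert_netfilter(line: str) -> Optional[Record]:
    return _from_match(NETFILTER_RE.match(line))


def convert_pix(line: str) -> Optional[Record]:
    return _from_match(PIX_RE.match(line))


# Order matters: the first converter that returns a record wins, so put the most
# specific formats first and any loose catch-all converter last.
CONVERTERS: List[Converter] = [convert_pix, convert_netfilter]


def convert_line(line: str, converters: List[Converter] = CONVERTERS) -> Optional[Record]:
    """Run one line through every converter and return the first successful conversion."""
    for conv in converters:
        rec = conv(line)
        if rec is not None:
            return rec
    return None


def convert_log(text: str, converters: List[Converter] = CONVERTERS) -> Tuple[List[Record], List[str]]:
    """Convert a whole combined log.

    Returns (records, unrecognised_lines) so the operator can see which formats
    still lack a converter instead of losing those lines silently.
    """
    records: List[Record] = []
    skipped: List[str] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = convert_line(line, converters)
        if rec is None:
            skipped.append(line)
        else:
            records.append(rec)
    return records, skipped


# Simplified tab-separated output layout for illustration only; this is NOT the
# actual DShield submission format.
FIELDS = ("date", "time", "host", "src", "sport", "dst", "dport", "proto")


def format_record(rec: Record) -> str:
    return "\t".join(rec[f] for f in FIELDS)


if __name__ == "__main__":
    recs, unknown = convert_log(SAMPLE_LOG)
    for r in recs:
        print(format_record(r))
    print(f"# {len(recs)} lines converted, {len(unknown)} lines not recognised")
```

Because the hostname is carried through from the syslog prefix, records from several reporting machines stay distinguishable in the one output, and the list of unrecognised lines is what you would look at before deciding that a format "doesn't work".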
