[Dshield] Managing multiple reporting sources

dsb@rlx.com dsb at rlx.com
Wed Jun 18 02:52:11 GMT 2003

Just to clarify, LDAP is not an encryption protocol, but rather a directory
service.  Not sure exactly the relation of LDAP to the topic at hand,

On your other points, I agree completely, and have implemented both
alternatives (VPN and SSH/SCP) in active configurations right now.

I manage four disparate networks for the same company.  Between two sites,
we have a hardware-based point-to-point VPN solution in place.  However, to
conserve bandwidth and provide better reliability, I still don't remote log.
Instead, in all four locations, I have a local syslog collecting server that
all the other machines send copies of their logs to.  These, in turn, have
cron jobs that rotate and send their logs to a single centralized server,
where they are processed, correlated, and archived (all on a RAID for more

Perhaps a bit overkill for some configurations, but applicable and scalable.


-----Original Message-----
From: Josh Beckett [mailto:josh at theoubliette.net]
Sent: Tuesday, June 17, 2003 8:17 PM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] Managing multiple reporting sources

Is VPN out of the question?  You could even get creative with other
types of encryption, such as SSL or LDAP and either a web-based or
email-based pre-processing architecture.  This would imply a fair level
of scripting or programming expertise, though.

Even simpler would be an ssh script with host-key authentication or scp
script with the same.

Just because the machines are in different physical locations on diverse
networks does not mean that you cannot get the logs from one place to
the other without secure transfer. 

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
Behalf Of Nels Lindquist
Sent: Tuesday, June 17, 2003 8:24 AM
To: General DShield Discussion List
Subject: RE: [Dshield] Managing multiple reporting sources

Well, the machines in question are in different cities with nothing 
connecting them but the internet.  I really don't want to do remote 
syslogging over the internet. :-)
***end cut***
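
The collector-to-central step described in the first message of this thread (a cron job that ships rotated logs over SCP with host-key checking), sketched as an added example that is not code from any poster here. The spool path, key path, `logship` account and `central.example.com` are placeholders.

```shell
#!/bin/bash
# Added example. All paths, the account and the host below are assumed placeholders.
# Constructed crontab entry on each site collector:
#   15 * * * * . /usr/local/lib/logship.sh && stage_log /var/log/messages.1 siteA; ship_spool
SPOOL="${SPOOL:-/var/spool/logship}"
CENTRAL="${CENTRAL:-logship@central.example.com:/srv/incoming/}"
KEY="${KEY:-/etc/logship/id_ed25519}"                  # key used by this job only
KNOWN_HOSTS="${KNOWN_HOSTS:-/etc/logship/known_hosts}" # pinned key of the central server

# Copy an already-rotated log (e.g. messages.1) into the spool under a unique
# name, compress it, and record a SHA-256 so the central server can verify it.
stage_log() {
    local src="$1" site="$2" stamp name
    [ -s "$src" ] || return 1                 # missing or empty: nothing to ship
    stamp="$(date -u +%Y%m%dT%H%M%SZ)"
    name="${site}-$(basename "$src")-${stamp}"
    mkdir -p "$SPOOL" && chmod 700 "$SPOOL"
    gzip -c "$src" > "$SPOOL/$name.gz" || return 1
    ( cd "$SPOOL" && sha256sum "$name.gz" > "$name.gz.sha256" )
    echo "$name.gz"
}

# One file over scp: never prompt, and refuse an unknown or changed host key.
transfer() {
    scp -q -B -i "$KEY" \
        -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$KNOWN_HOSTS" \
        "$1" "$CENTRAL"
}

# Send every staged archive. The local copy is deleted only after both the
# archive and its checksum were transferred, so the next cron run retries.
ship_spool() {
    local f failed=0
    for f in "$SPOOL"/*.gz; do
        [ -e "$f" ] || continue
        if transfer "$f" && transfer "$f.sha256"; then
            rm -f "$f" "$f.sha256"
        else
            failed=1
        fi
    done
    return "$failed"
}
```

On the central server, `sha256sum -c` against each received `.sha256` file confirms the archive arrived intact before it is processed.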
