[Dshield] Syslog Server Software

Jon R. Kibler Jon.Kibler at aset.com
Wed Mar 15 17:02:04 GMT 2006


"Timothy A. Holmes" wrote:
> 
> Good Morning to all:
> 
> I am looking for some software that will allow me to create a
> centralized syslog server on one of my linux stations.  Preferably with
> some sort of EASILLY useable web interface.  Im monitoring about 12 - 15
> hosts, and im one person doing all the IT work for the company.  Sorting
> and filtering capabilities are a must and remote alerting (email) would
> be really sweet if its possible.
> 

I presume that they are all *nix boxes? If so, syslog supports this directly using @LOGHOST in /etc/syslog.conf. For example:

*.debug,user.none	@LOGHOST

The "LOGHOST" system must be defined in the /etc/hosts file of each system that references it. For example:
192.168.199.222		loghost.mydomain.com loghost

Also, depending up the version of syslogd you are using, you may have to enable network-based logging (an option in Linux in /etc/sysconfig/syslog -- see: man syslogd).

If you are running a central logging server, I always recommend that you go out a buy a cheap 132 column dot matrix printer with variable font size and set the font to the smallest size you can easily read. Connect it to the central logging server. Then, put an entry in the central logging server's /etc/syslog.conf file to direct all 'interesting' output to the printer. For example:
kern.warning,daemon.err,auth.info,local7.info,*.crit	/dev/lp0

That way, if your log files get compromised, you will still have hard copy to use to figure out what went wrong. After all, intruders can erase or mangle log files, but I yet to see an intruder successfully send white-out down the net!

Also, if your hosts are not all *nix boxes, then you can use any of a wide variety of 'windows syslog' tools to do windows logging to a central logging syslog server.

Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list