[Dshield] Syslog Server Software

Timothy A. Holmes tholmes at mcaschool.net
Wed Mar 15 19:43:19 GMT 2006


No, my boxes are not all *nix. I have a mix of Gentoo and Fedora Linux,
Windows Server 2003, Windows XP Pro, Cisco firewall (PIX 501) and
Foundry layer 2 and layer 3 switches.

TIM


Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
 
Medina Christian Academy
A Higher Standard...
 
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Jon R. Kibler
> Sent: Wednesday, March 15, 2006 12:02 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Syslog Server Software
> 
> "Timothy A. Holmes" wrote:
> >
> > Good Morning to all:
> >
> > I am looking for some software that will allow me to create a
> > centralized syslog server on one of my Linux stations.  Preferably with
> > some sort of EASILY useable web interface.  I'm monitoring about 12 - 15
> > hosts, and I'm one person doing all the IT work for the company.  Sorting
> > and filtering capabilities are a must and remote alerting (email) would
> > be really sweet if it's possible.
> >
> 
> I presume that they are all *nix boxes? If so, syslog supports this
> directly using @LOGHOST in /etc/syslog.conf. For example:
> 
> *.debug,user.none	@LOGHOST
> 
> The "LOGHOST" system must be defined in the /etc/hosts file of each system
> that references it. For example:
> 192.168.199.222		loghost.mydomain.com loghost
> 
> Also, depending upon the version of syslogd you are using, you may have to
> enable network-based logging (an option in Linux in /etc/sysconfig/syslog
> -- see: man syslogd).
> 
> If you are running a central logging server, I always recommend that you
> go out and buy a cheap 132 column dot matrix printer with variable font size
> and set the font to the smallest size you can easily read. Connect it to
> the central logging server. Then, put an entry in the central logging
> server's /etc/syslog.conf file to direct all 'interesting' output to the
> printer. For example:
> kern.warning,daemon.err,auth.info,local7.info,*.crit	/dev/lp0
> 
> That way, if your log files get compromised, you will still have hard copy
> to use to figure out what went wrong. After all, intruders can erase or
> mangle log files, but I have yet to see an intruder successfully send white-out
> down the net!
> 
> Also, if your hosts are not all *nix boxes, then you can use any of a wide
> variety of 'windows syslog' tools to do windows logging to a central
> logging syslog server.
> 
> Jon
> --
> Jon R. Kibler
> Chief Technical Officer
> A.S.E.T., Inc.
> Charleston, SC  USA
> (843) 849-8214
> 
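
How the 'interesting' selector quoted above decides what reaches the hard-copy device, as an added Python example that is not part of the original thread: it decodes the `<PRI>` header of forwarded BSD-syslog datagrams and applies the same facility/priority pairs, where a selector matches the named priority and anything more urgent. The sample datagrams, host names and function names are constructed for illustration.

```python
import re

# Standard BSD syslog codes; PRI = facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "local7": 23}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The hard-copy selector from the quoted message, as (facility, minimum priority).
HARDCOPY = [("kern", "warning"), ("daemon", "err"), ("auth", "info"),
            ("local7", "info"), ("*", "crit")]

def decode_pri(datagram):
    """Return (facility_code, severity_code) from '<PRI>', or None if malformed."""
    m = re.match(rb"^<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:
        return None
    return divmod(int(m.group(1)), 8)

def wants_hardcopy(datagram, selectors=HARDCOPY):
    """True when facility matches (or is '*') and the severity is at least as
    urgent as the selector's priority (a lower code is more urgent)."""
    pri = decode_pri(datagram)
    if pri is None:
        return False  # assumption: this sketch ignores datagrams without a PRI
    fac, sev = pri
    return any((name == "*" or FACILITIES[name] == fac)
               and sev <= SEVERITIES.index(level) for name, level in selectors)

# Constructed sample datagrams (not captured from any real host).
SAMPLES = [
    b"<38>Mar 15 12:02:01 web1 sshd[411]: Failed password for root",  # auth.info
    b"<30>Mar 15 12:02:05 web1 ntpd[90]: synchronized",               # daemon.info
    b"<10>Mar 15 12:02:09 db1 app: disk failure",                     # user.crit
    b"<4>Mar 15 12:02:11 fw1 kernel: link flap",                      # kern.warning
    b"<189>Mar 15 12:02:12 sw1 snmp: trap sent",                      # local7.notice
    b"no PRI header at all",
]

def hardcopy_lines(samples=SAMPLES):
    """Return the sample messages that the selector would send to the printer."""
    return [s.decode() for s in samples if wants_hardcopy(s)]

if __name__ == "__main__":
    for line in hardcopy_lines():
        print(line)
```
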




