[Dshield] Syslog Server Software
Timothy A. Holmes
tholmes at mcaschool.net
Wed Mar 15 19:43:19 GMT 2006
No, my boxes are not all *nix, I have a mix of Gentoo and Fedora Linux,
Windows Server 2003, Windows XP Pro, Cisco firewall (PIX 501) and
Foundry layer 2 and layer 3 switches.
Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
Medina Christian Academy
A Higher Standard...
> -----Original Message-----
> From: list-bounces at lists.dshield.org [mailto:list-
> bounces at lists.dshield.org] On Behalf Of Jon R. Kibler
> Sent: Wednesday, March 15, 2006 12:02 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Syslog Server Software
> "Timothy A. Holmes" wrote:
> > Good Morning to all:
> > I am looking for some software that will allow me to create a
> > centralized syslog server on one of my Linux stations. Preferably
> > some sort of EASILY usable web interface. I'm monitoring about 12
> > hosts, and I'm one person doing all the IT work for the company.
> > and filtering capabilities are a must and remote alerting (email)
> > be really sweet if it's possible.
> I presume that they are all *nix boxes? If so, syslog supports this
> directly using @LOGHOST in /etc/syslog.conf. For example:
> *.debug;user.none @LOGHOST
> The "LOGHOST" system must be defined in the /etc/hosts file of each
> that references it. For example:
> 192.168.199.222 loghost.mydomain.com loghost
> Also, depending upon the version of syslogd you are using, you may have
> enable network-based logging (an option in Linux in
> -- see: man syslogd).
> If you are running a central logging server, I always recommend that
> go out and buy a cheap 132 column dot matrix printer with variable font
> and set the font to the smallest size you can easily read. Connect it
> the central logging server. Then, put an entry in the central logging
> server's /etc/syslog.conf file to direct all 'interesting' output to
> printer. For example:
> kern.warning;daemon.err;auth.info;local7.info;*.crit /dev/lp0
> That way, if your log files get compromised, you will still have hard
> to use to figure out what went wrong. After all, intruders can erase
> mangle log files, but I have yet to see an intruder successfully send
> down the net!
> Also, if your hosts are not all *nix boxes, then you can use any of a
> variety of 'windows syslog' tools to do windows logging to a central
> logging syslog server.
> Jon R. Kibler
> Chief Technical Officer
> A.S.E.T., Inc.
> Charleston, SC USA
> (843) 849-8214
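Added example, not part of the original messages: a small Python filter that applies syslog.conf-style selectors, such as the two quoted above, to the <PRI> field of received syslog lines, which is the filtering step a central log host needs before printing or alerting. It assumes additive selector semantics in which `none` clears earlier matches for a facility (other syslogd implementations may differ); the function names and sample lines are constructed for illustration.

```python
import re

# Standard syslog facility and severity codes (facilities 12-15 omitted).
FACILITY = {name: code for code, name in enumerate(
    ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
     "uucp", "cron", "authpriv", "ftp"])}
FACILITY.update({"local%d" % i: 16 + i for i in range(8)})
SEVERITY = {name: code for code, name in enumerate(
    ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"])}

def parse_pri(line):
    """Return (facility, severity) from a leading <PRI> field, or None."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        return None          # missing or out-of-range PRI: not a syslog line
    pri = int(m.group(1))
    return pri >> 3, pri & 7

def selector_matches(selector, facility, severity):
    """';' separates selectors, ',' lists facilities, a level means
    'this level or more severe', and 'none' excludes the facility."""
    matched = False
    for part in selector.split(";"):
        names, _, level = part.strip().rpartition(".")
        facs = names.split(",")
        if "*" not in facs and facility not in [FACILITY.get(f) for f in facs]:
            continue
        if level == "none":
            matched = False
        elif level == "*" or severity <= SEVERITY[level]:
            matched = True
    return matched

def select(lines, selector):
    """Keep only the lines whose PRI satisfies the selector."""
    out = []
    for line in lines:
        pri = parse_pri(line)
        if pri and selector_matches(selector, *pri):
            out.append(line)
    return out

# Constructed sample input (hypothetical hosts and messages).
SAMPLE = [
    "<4>Mar 15 12:00:01 fw1 kernel: sample kern.warning",
    "<38>Mar 15 12:00:02 web1 sshd[411]: sample auth.info",
    "<30>Mar 15 12:00:03 web1 crond[92]: sample daemon.info",
    "<14>Mar 15 12:00:04 ws7 app: sample user.info",
    "<10>Mar 15 12:00:05 ws7 app: sample user.crit",
    "<190>Mar 15 12:00:06 sw2 mgmt: sample local7.info",
    "no priority field here",
]
```

Calling `select(SAMPLE, "kern.warning;daemon.err;auth.info;local7.info;*.crit")` returns the lines that would go to the printer; the same result could be handed to a mailer for the e-mail alerting asked about in the original question.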