[Dshield] Syslog Server Software

Timothy A. Holmes tholmes at mcaschool.net
Thu Mar 23 14:15:11 GMT 2006


Thank you ALL for all the advice and suggestions.  My solution is in
place and processing data as we speak ---

I installed syslog-NG on a dedicated Gentoo box and routed all my syslog
traffic to it. Splunk is ingesting the data and presenting it to me in a
usable format. Today's projects include setting up syslog-ng on my
Fedora stations and figuring out logrotate -- the idea of log-watch
sounds good as well; I may very well look at that also.

Hopefully I will also be beginning a Snort installation

TIM


Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
 
Medina Christian Academy
A Higher Standard...
 
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14

> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Tony Nichols
> Sent: Tuesday, March 21, 2006 8:24 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Syslog Server Software
> 
> On Thu, 2006-03-16 at 08:45 -0500, Timothy A. Holmes wrote:
> > Thanks for all the responses. I'm busy looking at options and hope to
> > have something chosen by later today. I'm getting overloaded with
> > information that I have no way to correlate.
> >
> > The syslog-ng option looks good; I just need a way to analyze the data,
> > as grepping through the logs is not an option due to time restraints.
> >
> > TIM
> >
> >
> > Timothy A. Holmes
> > IT Manager / Network Admin / Web Master / Computer Teacher
> Once they all log to one server you can use LogWatch to email reports
> to you.
> I only have 6 servers... so I just load LogWatch on them all and have
> them email me a report every day.
> 
> t o n y
> 