[Dshield] Syslog Server Software

Osama Kamal OKamal at Mobinil.com
Sun Mar 26 12:15:17 GMT 2006


I am running syslog-ng with mysql, the front-end is php-syslog-ng, with
a crontab job to run the logrotate.php script. It is a perfect solution,
it is currently handling 5 million records per day, daily log rotation,
and log retention of 1 week. 


Regards,
Osama Kamal
CISSP, GIAC GCIA, OSSTMM Security Tester
Security Architecture Expert
Technology Development
Office:   +20 12 320-1039
Mobile:  +20 12 315-1298
Fax:      +20 12 320-0349
e-Mail:   okamal at mobinil.com

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Timothy A. Holmes
Sent: Thursday, March 23, 2006 4:15 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Syslog Server Software

Thank you ALL for all the advice and suggestions.  My solution is in
place and processing data as we speak ---

I installed syslog-NG on a dedicated Gentoo box and routed all my syslog
traffic to it, Splunk is ingesting the data and presenting it to me in a
useable format, today's projects include setting up syslog-ng on my
Fedora stations and figuring out logrotate -- the idea of log-watch
sounds good as well, I may very well look at that also

Hopefully I will also be beginning a Snort installation

TIM


Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
 
Medina Christian Academy
A Higher Standard...
 
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14

> -----Original Message-----
> From: list-bounces at lists.dshield.org [mailto:list-
> bounces at lists.dshield.org] On Behalf Of Tony Nichols
> Sent: Tuesday, March 21, 2006 8:24 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Syslog Server Software
> 
> On Thu, 2006-03-16 at 08:45 -0500, Timothy A. Holmes wrote:
> > Thanks for all the responses, I'm busy looking at options and hope to
> > have something chosen by later today, I'm getting overloaded with
> > information that I have no way to correlate
> >
> > The syslog ng option looks good, I just need a way to analyze the
> > data, as grepping through the logs is not an option due to time
> > restraints
> >
> > TIM
> >
> >
> > Timothy A. Holmes
> > IT Manager / Network Admin / Web Master / Computer Teacher
> Once they all log to one server you can use LogWatch to email reports
> to you.
> I only have 6 servers... so I just load LogWatch on them all and have
> them email me a report every day.
> 
> t o n y
> 
> 
> 
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own
> couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list








