[Dshield] Syslog Server Software

Timothy A. Holmes tholmes at mcaschool.net
Mon Mar 27 20:52:29 GMT 2006


Osama -- wow -- sounds great - do you happen to also use logwatch?  I am
trying to get it configured, and it does not seem to be reporting
anything from my log files, so I am not sure if I have it configured or
if nothing has tripped it.

TIM


Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
 
Medina Christian Academy
A Higher Standard...
 
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14

> -----Original Message-----
> From: list-bounces at lists.dshield.org [mailto:list-
> bounces at lists.dshield.org] On Behalf Of Osama Kamal
> Sent: Sunday, March 26, 2006 7:15 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Syslog Server Software
> 
> I am running syslog-ng with mysql, the front-end is php-syslog-ng, with
> a crontab job to run the logrotate.php script. It is a perfect solution,
> it is currently handling 5 million records per day, daily log rotation,
> and log retention of 1 week.
> 
> 
> Regards,
> Osama Kamal
> CISSP, GIAC GCIA, OSSTMM Security Tester
> Security Architecture Expert
> Technology Development
> Office:   +20 12 320-1039
> Mobile:  +20 12 315-1298
> Fax:      +20 12 320-0349
> e-Mail:   okamal at mobinil.com
> 
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Timothy A. Holmes
> Sent: Thursday, March 23, 2006 4:15 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Syslog Server Software
> 
> Thank you ALL for all the advice and suggestions.  My solution is in
> place and processing data as we speak ---
> 
> I installed syslog-NG on a dedicated Gentoo box and routed all my syslog
> traffic to it, Splunk is ingesting the data and presenting it to me in a
> useable format, today's projects include setting up syslog-ng on my
> fedora stations and figuring out logrotate -- the idea of log-watch
> sounds good as well, I may very well look at that also
> 
> Hopefully I will also be beginning a Snort installation
> 
> TIM
> 
> 
> Timothy A. Holmes
> IT Manager / Network Admin / Web Master / Computer Teacher
> 
> Medina Christian Academy
> A Higher Standard...
> 
> Jeremiah 33:3
> Jeremiah 29:11
> Esther 4:14
> 
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org [mailto:list-
> > bounces at lists.dshield.org] On Behalf Of Tony Nichols
> > Sent: Tuesday, March 21, 2006 8:24 AM
> > To: General DShield Discussion List
> > Subject: Re: [Dshield] Syslog Server Software
> >
> > On Thu, 2006-03-16 at 08:45 -0500, Timothy A. Holmes wrote:
> > > Thanks for all the responses, I'm busy looking at options and hope to
> > > have something chosen by later today, I'm getting overloaded with
> > > information that I have no way to correlate
> > >
> > > The syslog ng option looks good, I just need a way to analyze the data,
> > > as grepping through the logs is not an option due to time restraints
> > >
> > > TIM
> > >
> > >
> > > Timothy A. Holmes
> > > IT Manager / Network Admin / Web Master / Computer Teacher
> > Once they all log to one server you can use LogWatch to email reports to
> > you.
> > I only have 6 servers... so I just load LogWatch on them all and have
> > them email me a report every day.
> >
> > t o n y
> >
> >
> >
> > _________________________________________
> > Learn about Intrusion Detection in Depth from the comfort of your own
> > couch:
> > https://www.sans.org/athome/details.php?id=1341&d=1
> >
> > _______________________________________________
> > send all posts to list at lists.dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list
> 
> 



