[Dshield] Syslog Server Software

Daniel Cid danielcid at yahoo.com.br
Wed Mar 29 02:24:44 GMT 2006


Hi Timothy,

I was looking at some of the responses in here and I
decided to comment a little too :) Sorry if my reply
is too late in the thread.

Currently, the way I'm managing my syslog messages
is using the ossec hids (yeah, I'm the developer of
it, so a little bit of self promotion).

I basically installed the ossec hids "server" on my
log server and installed the ossec hids "agent" on my
critical systems (web server, mail server, etc).

The agents forward all my logs to the server in real
time using an encrypted tunnel. On the server, you can
write rules to correlate the logs, generate alerts,
generate responses (even responses locally on the
machine that generated the event), etc... It's working
really well and I know of some ISPs and universities
using it too...

I just released a new version, so you can check it
out...

Btw, in addition to log analysis, the agents also
do integrity checking of the files and look for
rootkits :)

http://www.ossec.net (new version just released is
0.7).

Thanks,

--
Daniel B. Cid
dcid @ ( at ) ossec.net
http://www.ossec.net



--- "Timothy A. Holmes" <tholmes at mcaschool.net>
wrote:

> Thank you ALL for all the advice and suggestions. My solution is in
> place and processing data as we speak ---
> 
> I installed syslog-NG on a dedicated Gentoo box and routed all my syslog
> traffic to it, Splunk is ingesting the data and presenting it to me in a
> usable format, today's projects include setting up syslog-ng on my
> fedora stations and figuring out logrotate -- the idea of log-watch
> sounds good as well, I may very well look at that also
> 
> Hopefully I will also be beginning a Snort
> installation
> 
> TIM
> 
> 
> Timothy A. Holmes
> IT Manager / Network Admin / Web Master / Computer
> Teacher
>  
> Medina Christian Academy
> A Higher Standard...
>  
> Jeremiah 33:3
> Jeremiah 29:11
> Esther 4:14
> 
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org] On Behalf Of Tony Nichols
> > Sent: Tuesday, March 21, 2006 8:24 AM
> > To: General DShield Discussion List
> > Subject: Re: [Dshield] Syslog Server Software
> > 
> > On Thu, 2006-03-16 at 08:45 -0500, Timothy A. Holmes wrote:
> > > Thanks for all the responses, I'm busy looking at options and hope to
> > > have something chosen by later today, I'm getting overloaded with
> > > information that I have no way to correlate
> > >
> > > The syslog ng option looks good, I just need a way to analyze the data,
> > > as grepping through the logs is not an option due to time restraints
> > >
> > > TIM
> > >
> > >
> > > Timothy A. Holmes
> > > IT Manager / Network Admin / Web Master / Computer Teacher
> > Once they all log to one server you can use LogWatch to email reports to
> > you.
> > I only have 6 servers... so I just load LogWatch on them all and have
> > them email me a report every day.
> > 
> > t o n y
> > 
> > 
> > 
> > _________________________________________
> > Learn about Intrusion Detection in Depth from the
> comfort of your own
> > couch:
> >
> https://www.sans.org/athome/details.php?id=1341&d=1
> > 
> > _______________________________________________
> > send all posts to list at lists.dshield.org
> > To change your subscription options (or
> unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list
> 
> 
> 