[Dshield] Syslog Server Software

Osama Kamal OKamal at Mobinil.com
Wed Mar 29 13:03:27 GMT 2006


Did not try it; let us know how it is going with logwatch.


Regards,
Osama Kamal
CISSP, GIAC GCIA, OSSTMM Security Tester
Security Architecture Expert
Technology Development
Office:   +20 12 320-1039
Mobile:  +20 12 315-1298
Fax:      +20 12 320-0349
e-Mail:   okamal at mobinil.com
-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Timothy A. Holmes
Sent: Monday, March 27, 2006 10:52 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Syslog Server Software

Osama -- wow -- sounds great - do you happen to also use logwatch?  I am
trying to get it configured, and it does not seem to be reporting
anything from my log files, so I am not sure if I have it configured or
if nothing has tripped it 

TIM


Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
 
Medina Christian Academy
A Higher Standard...
 
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14

> -----Original Message-----
> From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org] On Behalf Of Osama Kamal
> Sent: Sunday, March 26, 2006 7:15 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Syslog Server Software
> 
> I am running syslog-ng with mysql, the front-end is php-syslog-ng, with
> a crontab job to run the logrotate.php script. It is a perfect solution,
> it is currently handling 5 million records per day, daily log rotation,
> and log retention of 1 week.
> 
> 
> Regards,
> Osama Kamal
> CISSP, GIAC GCIA, OSSTMM Security Tester
> Security Architecture Expert
> Technology Development
> Office:   +20 12 320-1039
> Mobile:  +20 12 315-1298
> Fax:      +20 12 320-0349
> e-Mail:   okamal at mobinil.com
> 
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Timothy A. Holmes
> Sent: Thursday, March 23, 2006 4:15 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Syslog Server Software
> 
> Thank you ALL for all the advice and suggestions.  My solution is in
> place and processing data as we speak ---
> 
> I installed syslog-NG on a dedicated Gentoo box and routed all my syslog
> traffic to it, Splunk is ingesting the data and presenting it to me in a
> useable format, today's projects include setting up syslog-ng on my
> fedora stations and figuring out logrotate -- the idea of log-watch
> sounds good as well, I may very well look at that also
> 
> Hopefully I will also be beginning a Snort installation
> 
> TIM
> 
> 
> Timothy A. Holmes
> IT Manager / Network Admin / Web Master / Computer Teacher
> 
> Medina Christian Academy
> A Higher Standard...
> 
> Jeremiah 33:3
> Jeremiah 29:11
> Esther 4:14
> 
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org] On Behalf Of Tony Nichols
> > Sent: Tuesday, March 21, 2006 8:24 AM
> > To: General DShield Discussion List
> > Subject: Re: [Dshield] Syslog Server Software
> >
> > On Thu, 2006-03-16 at 08:45 -0500, Timothy A. Holmes wrote:
> > > Thanks for all the responses, I'm busy looking at options and hope to
> > > have something chosen by later today, I'm getting overloaded with
> > > information that I have no way to correlate
> > >
> > > The syslog ng option looks good, I just need a way to analyze the data,
> > > as grepping through the logs is not an option due to time restraints
> > >
> > > TIM
> > >
> > >
> > > Timothy A. Holmes
> > > IT Manager / Network Admin / Web Master / Computer Teacher
> > Once they all log to one server you can use LogWatch to email reports to
> > you.
> > I only have 6 servers... so I just load LogWatch on them all and have
> > them email me a report every day.
> >
> > t o n y
> >
> >
> >
> > _________________________________________
> > Learn about Intrusion Detection in Depth from the comfort of your own
> > couch:
> > https://www.sans.org/athome/details.php?id=1341&d=1
> >
> > _______________________________________________
> > send all posts to list at lists.dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list
> 
> 
> *******
> IMPORTANT
> 
> Confidentiality: This e-mail communication and any attachments thereto
> contain information which is confidential and are intended only for the
> use of the individuals or entities named above.  If you are not the
> intended recipient, you are hereby notified that any disclosure, copying,
> distribution or the taking any action in reliance on the contents of these
> documents is strictly prohibited and may be illegal.  Please notify us of
> your receipt of this e-mail in error and delete the e-mail and any copies
> of it.
> 
> Monitoring/Viruses: Mobinil may monitor all incoming & outgoing e-mails in
> line with current legislation. Although we have taken steps to ensure that
> this e-mail and attachments are free from any Virus, we advise that in
> keeping with good computing practice the recipient should ensure they are
> actually virus free.
> 
> The Egyptian Company for Mobile Services (Mobinil)
> www.mobinil.com
> *******
