[unisog] unisog Digest, Vol 55, Issue 9

Kim Cary kim.cary at pepperdine.edu
Fri Jun 19 22:16:51 GMT 2009


For centralized logging, I recommend 'SNARE'. You can get pretty granular on
what you want sent from EVT to syslog.

On Fri, Jun 19, 2009 at 8:00 AM, <unisog-request at lists.dshield.org> wrote:

> Today's Topics:
>
>   1. Re: Managed host based firewalls (Alexander Clouter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 18 Jun 2009 18:35:14 +0100
> From: Alexander Clouter <alex at digriz.org.uk>
> Subject: Re: [unisog] Managed host based firewalls
> To: unisog at lists.sans.org
> Message-ID: <ifaqg6-iom.ln1 at woodchuck.wormnet.eu>
>
> Clark Gaylord <cgaylord at vt.edu> wrote:
> >
> > What's wrong with Windows Firewall? It works better than most, stays
> > out of the way, no installation to manage, easily managed via GPO -- I
> > don't get it. Granted it isn't ipfilter or even iptables, but nothing
> > is on Windows and GPO is sweet and easy.
> >
> I think one of the key things was the centralised *logging* part.
> Although I am fortunate enough to have nothing to do with the Windows
> world, as far as I was aware the Event logger rarely contains anything
> particularly useful/usable and getting it exported to a central system
> involves usually some kind of syslog converter do-fango.
>
> Cheers
>
> --
> Alexander Clouter
> .sigmonster says: Blow it out your ear.
>
>
>



-- 
Kim