Re: [fw-wiz] Centrallizing logs

From: m p (sumirati@yahoo.de)
Date: 09/12/02 

From: m p <sumirati@yahoo.de>
To: Rudy_D_Pereda@mail.dbf.state.fl.us, firewall-wizards@nfr.com, firewall-wizards-admin@honor.icsalabs.com
Date: Thu Sep 12 15:25:16 2002

 --- Rudy_D_Pereda@mail.dbf.state.fl.us schrieb: >
> I would like to centralize my logs to one server. The OS that I would be
> using would be FreeBSD 4.6. My environment consists of cisco
> routers/firewalls, freebsd running ipfilter and web servers running on NT.
> I have two questions: 1) What syslog do you recommend?, 2) what software do
> you recommend to check logs?
>
> Any info will be much appreciated,
>
> thanks to all in advance,
>
> rdp
>
>

As for the ciscos: They report all things via syslog.
As for ipfilter on FreeBSD: Via ipmon you can utilize syslog.
As for the web servers: Which one are you running? Apache can be talked into to
 log via syslog. I checked for IIS 4 (we are still running some of them here
*sigh*) - it can of course not log to anything else then to a file. Perhaps IIS
5 can do it - or you are not running IIS at all (if you are lucky).

For the questions:
1) I'm not a code monkey anymore. That was some years back in time ;). But the
functionality and handling of syslog-ng is ok for me. The quality of the code
is better approved by someone else.
2) Analog is quite handy. Originaly it is a web server log analyser. Some
people wrote scripts that you can analyse your ipf/BIND/sendmail/qmail/postfix
as if they were web logs. Or you write your own script to convert your logs to
what you want. Or use Perl and time to create a log tool to match _your_
requirements. The requierements may differ extremly.

Just my 2 cent.

Marc

__________________________________________________________________

Gesendet von Yahoo! Mail - http://mail.yahoo.de
Möchten Sie mit einem Gruß antworten? http://grusskarten.yahoo.de

Relevant Pages

  • RE: isa 2004 & external website access issue
    ... emailed the logs to you as requested. ... each web server has its own public IP ... > headers in ISA Server ... > 'Microsoft Firewall' service. ...
    (microsoft.public.windows.server.sbs)
  • RE: Exchange Server
    ... I researched your logs and found the MSExchangeTransport events 4006, 969, ... Right click Default SMTP Virtual Server and select Properties. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • RE: OWA 2003 with ISA 2004
    ... OWA externally. ... i can login by any user. ... 825763 How to configure Internet access in Windows Small Business Server ... g. Reproduce this issue and send the logs to me. ...
    (microsoft.public.windows.server.sbs)
  • RE: OWA 2003 with ISA 2004
    ... I understand that you can not login OWA from ... 825763 How to configure Internet access in Windows Small Business Server ... g. Reproduce this issue and send the logs to me. ... and then right click 'Microsoft Firewall' to ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN, RRAS & DHCP
    ... After researching your logs, I found the Event ID 20169 ... Please try to set RemoteAccess service to depend on the DHCP server ... Reboot the server to see whether the issue still occurs. ... The problem occurred after you install ISA server. ...
    (microsoft.public.windows.server.sbs)