Re: [fw-wiz] syslog and network management



On Feb 20, 2008 12:45 PM, Brian Loe <knobdy@xxxxxxxxx> wrote:


I might rephrase that to say, "It is generally thought that the log
server should be separate from all other services..."


I might also add that part of the reason for this, in my experience,
isn't so much security related but the fact that if the syslog server
is doing anything else you will likely lose a lot of syslog messages.
Especially if you're following some best practices and running your
firewall in debug mode...
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: possible rooted systems
    ... > Or if your Firewall allows for it, ... > out to a central server (Sorry not familiar with NOVELL Syslog ... There's KIWI SYSLOG SERVER for Windows. ...
    (Security-Basics)
  • RE: Centralizing Event Viewer Logs
    ... great on my local servers so after a while I tried it on a server at my ... Subject: Centralizing Event Viewer Logs ... then sends it to the syslog server. ...
    (Focus-Microsoft)
  • Fwd: Centralizing Event Viewer Logs
    ... Earlier in my search for an event management solution I found one that ... great on my local servers so after a while I tried it on a server at my ... Subject: Centralizing Event Viewer Logs ... then sends it to the syslog server. ...
    (Focus-Microsoft)
  • RE: Event log counts...
    ... Couldn't you export the log data from the syslog server to a csv file ... Subject: Event log counts... ...
    (Security-Basics)
  • remote syslog segregation
    ... I am setting up a real honest to goodness syslog server ... how to segregate logs from each machine.. ... any ideas on what I need to configure, and HOW to configure the clients ...
    (RedHat)