RE: syslog management

From: Stephen Cooper (Stephen.Cooper@bis.org)
Date: 06/20/02


Date: Thu, 20 Jun 2002 09:21:52 +0200
From: "Stephen Cooper" <Stephen.Cooper@bis.org>
To: <MEvans@CO.SLC.UT.US>, <focus-ids@lists.securityfocus.com>, <Wang@Security-Card.com>

Hello,

I have just finished deploying a corporate syslog server setup.

The products I chose were

Kiwisyslog 7.0 (autosplits logs, filters, listens on TCP/UDP and SNMP and logs)

Adiscon EventReporter on Win32 systems

The products I tried, but rejected were

Adiscon WinSyslog (technically advanced, but too hard to build up filters on for a large number of servers)
HP-UX Syslog (you get one large file and it chews expensive Unix disk space)
Syslog-ng on HP-UX. Didn't compile in a sane manner, vendor does not offer support as yet (but are apparently planning to)

It works really well, I have data coming in from Unix systems, Cisco kit, Firewalls and Windows 2000 Servers.

We encrypt Win2K syslog traffic by means of IPSEC.

Stephen

>>> "Mark L. Evans" <MEvans@CO.SLC.UT.US> Wednesday 19, June, 2002 23:00:30 >>>
Try this link: http://solarwinds.net/Toolsets.htm

This product is really much more than a syslog server. It does however have
the best syslog management that I have found. It meets all of your criteria.

Mark

> -----Original Message-----
> From: Wang, Jack [mailto:Wang@Security-Card.com]
> Sent: Wednesday, June 19, 2002 9:05 AM
> To: focus-ids@lists.securityfocus.com
> Subject: syslog management
>
>
> Hi all:
>
> Is there good software to manage the huge amount of syslog
> generated by
> Network equipment, IDS etc?
>
> I have tested Kiwi syslog, winsyslog, syslogd.exe etc. In my
> opinion, the
> ideal one should be as follows:
>
> --able to classify the log according to source
> --able to save into file (.txt, or db)
> --able to set up the rows of display
> --able to send email message
>
> Or any further comments will be appreciated.
>
> Best Regards,
> Jack
>

DISCLAIMER: Any e-mail messages from the Bank for International Settlements are sent in good faith, but shall not be binding nor construed as constituting any obligation on the part of the Bank.

CONFIDENTIALITY NOTICE: This e-mail contains confidential information, which is intended only for the use of the recipient(s) named above. If you have received this communication in error, please notify the sender immediately via e-mail and return the entire message. Thank you for your assistance.
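The features Jack lists (classify by source, write to file, raise a mail alert) are what a splitting syslog server such as the one Stephen describes does on each BSD-syslog datagram. The following is an added example, not code from anyone in this thread or from Kiwi, Adiscon or syslog-ng: a minimal RFC 3164 parser that decodes the `<PRI>` header into facility and severity, buckets messages per originating host, writes one file per host, and selects records at severity `err` or worse for a notification. The hostnames and message bodies in `SAMPLE_MESSAGES` are constructed for the demonstration; actual SMTP delivery is left out and only the mail body is built.

```python
"""Minimal RFC 3164 syslog parser with per-source splitting and a severity alert rule.
Added example (not from the mailing-list thread); sample messages are constructed."""
import os
import re
from collections import defaultdict

# Constructed sample datagrams, roughly as a router, a Unix host, a Win2K
# event-to-syslog agent and a firewall might emit them. Hostnames are invented.
SAMPLE_MESSAGES = [
    "<189>Jun 19 09:05:01 rtr-core1 %SYS-5-CONFIG_I: Configured from console by vty0",
    "<34>Jun 19 09:05:03 unix01 su: 'su root' failed for jdoe on /dev/pts/1",
    "<14>Jun 19 09:05:07 win2k-dc1 EventReporter: Security 528 Successful logon: user jdoe",
    "<27>Jun 19 09:05:09 fw-edge1 kernel: drop in eth0 src=10.0.0.5 dst=10.0.0.1",
    "this line has no PRI header at all",
]

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOSTNAME MSG, where TIMESTAMP is "Mmm dd hh:mm:ss" (day may be space-padded)
_SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)


def parse_syslog(line):
    """Return a record dict for a well-formed BSD syslog line, or None if it is not one."""
    m = _SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility 0..23 and severity 0..7 give a maximum PRI of 23*8+7 = 191
        return None
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return {
        "facility": FACILITIES[facility],
        "severity": severity,
        "severity_name": SEVERITIES[severity],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "msg": m.group("msg"),
        "raw": line,
    }


def split_by_source(lines):
    """Group records by originating host; lines that do not parse land under 'unparsed'."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse_syslog(line)
        buckets[rec["host"] if rec else "unparsed"].append(rec or {"raw": line})
    return dict(buckets)


def select_alerts(lines, worst_allowed=3):
    """Return parsed records at severity 'err' (3) or worse; lower numbers are more severe."""
    return [r for r in map(parse_syslog, lines) if r and r["severity"] <= worst_allowed]


def write_split_logs(buckets, directory):
    """Append one file per source host under `directory`, as a splitting syslog server does."""
    os.makedirs(directory, exist_ok=True)
    paths = {}
    for host, records in buckets.items():
        path = os.path.join(directory, f"{host}.log")
        with open(path, "a", encoding="utf-8") as fh:
            for rec in records:
                fh.write(rec["raw"] + "\n")
        paths[host] = path
    return paths


def format_alert_mail(rec):
    """Build the message body a notification rule would hand to an SMTP sender."""
    return (f"Subject: syslog {rec['severity_name'].upper()} on {rec['host']}\n\n"
            f"{rec['timestamp']} {rec['facility']}.{rec['severity_name']}: {rec['msg']}\n")


if __name__ == "__main__":
    import tempfile
    buckets = split_by_source(SAMPLE_MESSAGES)
    for host, recs in buckets.items():
        print(f"{host}: {len(recs)} line(s)")
    for rec in select_alerts(SAMPLE_MESSAGES):
        print(format_alert_mail(rec))
    print(write_split_logs(buckets, tempfile.mkdtemp()))
```

Two points the thread touches on show up here. Messages without a valid `<PRI>` header are kept in an `unparsed` bucket rather than dropped, since a receiver that silently discards malformed input loses exactly the lines worth looking at. The severity threshold is deliberately strict: the sample `su` failure (auth.crit) and the firewall drop (daemon.err) qualify, while the router config notice and the Windows logon event do not, which is the kind of filter that keeps an e-mail rule from paging on routine traffic.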
