RE: syslog management
From: Jonah Kowall (jkowall@psteering.com)
Date: 06/20/02
- Previous message: Azad Mahmoud: "IDS Project"
- Maybe in reply to: Wang, Jack: "syslog management"
- Next in thread: Tucker, Jason: "RE: syslog management"
Date: Thu, 20 Jun 2002 11:27:48 -0400
From: "Jonah Kowall" <jkowall@psteering.com>
To: "Stephen Cooper" <Stephen.Cooper@bis.org>, <MEvans@CO.SLC.UT.US>, <focus-ids@lists.securityfocus.com>, <Wang@Security-Card.com>

Our setup is very similar, but slightly reversed :)
Syslog-ng collects and filters the data coming from:
Cisco Routers
Extreme Switches
3Com Switches
Load Balancers
Linux Boxes (on syslog-ng)
FreeBSD boxes (on syslog-ng)
Sun boxes (on standard syslog)
W2K and NT boxes (on http://www.eventreporter.com/en/)
Checkpoint Firewall logs
Syslog-ng runs UDP and TCP, so you can select the reliability of the log
transfer.
Syslog-ng lets you filter by a combination of facility, hostname, or
other types of customized filtering. You can easily add in any syslog
monitoring tool to email you on certain events.
> -----Original Message-----
> From: Stephen Cooper [mailto:Stephen.Cooper@bis.org]
> Sent: Thursday, June 20, 2002 3:22 AM
> To: MEvans@CO.SLC.UT.US; focus-ids@lists.securityfocus.com;
> Wang@Security-Card.com
> Subject: RE: syslog management
>
>
> Hello,
>
> I have just finished deploying a corporate syslog server setup.
>
> The products I chose were
>
> Kiwisyslog 7.0 (autosplits logs, filters, listens on TCP/UDP
> and SNMP and logs)
>
> Adiscon EventReporter on Win32 systems
>
> The products I tried, but rejected were
>
> Adiscon WinSyslog (technically advanced, but too hard to
> build up filters on for a large number of servers)
>
> HP-UX Syslog (you get one large file and it chews expensive Unix
> disk space)
>
> Syslog-ng on HP-UX. Didn't compile in a sane
> manner, vendor does not offer support as yet (but are
> apparently planning to)
>
> It works really well, I have data coming in from Unix
> systems, Cisco kit, Firewalls and Windows 2000 Servers.
>
> We encrypt Win2K syslog traffic by means of IPSEC.
>
> Stephen
>
> >>> "Mark L. Evans" <MEvans@CO.SLC.UT.US> Wednesday 19, June, 2002
> >>> 23:00:30 >>>
> Try this link: http://solarwinds.net/Toolsets.htm
>
> This product is really much more than a syslog server. It
> does however have the best syslog management that I have
> found. It meets all of your criteria.
>
> Mark
>
> > -----Original Message-----
> > From: Wang, Jack [mailto:Wang@Security-Card.com]
> > Sent: Wednesday, June 19, 2002 9:05 AM
> > To: focus-ids@lists.securityfocus.com
> > Subject: syslog management
> >
> >
> > Hi all:
> >
> > Is there good software to manage the huge amount of syslog
> > generated by
> > network equipment, IDS etc?
> >
> > I have tested Kiwi syslog, winsyslog, syslogd.exe etc. In my
> > opinion, the
> > ideal one should be as follows:
> >
> > --able to classify the log according to source
> > --able to save into file (.txt, or db)
> > --able to set up the rows of display
> > --able to send email message
> >
> > Or any further comments will be appreciated.
> >
> > Best Regards,
> > Jack
> >
>
>
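
The routing by a combination of facility and hostname that the reply above describes, as an added Python example; it is not syslog-ng code or configuration and not part of the original thread. The hostname prefixes, destination names and rules are assumptions, and the sample lines are constructed.

```python
import re

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# BSD syslog (RFC 3164) layout: <PRI>Mmm dd hh:mm:ss HOST MSG
LINE = re.compile(r"^(?:<(\d{1,3})>)?[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)$")

# Hypothetical rules: (destination, host regex, facilities, least severe level kept)
RULES = [
    ("alert-mail",   r".",          {"auth", "authpriv"}, "warning"),
    ("network.log",  r"^(rtr|sw)-", {"local7"},           "debug"),
    ("firewall.log", r"^fw-",       {"local4"},           "info"),
]

def parse(line):
    m = LINE.match(line)
    if not m:  # no usable header: RFC 3164 relays fall back to PRI 13 (user.notice)
        return {"facility": "user", "severity": "notice", "host": "", "msg": line}
    pri = int(m.group(1)) if m.group(1) else 13
    if pri > 191:  # highest valid PRI is local7.debug = 23 * 8 + 7
        pri = 13
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "host": m.group(2), "msg": m.group(3)}

def route(line):
    """Return every destination whose host, facility and severity tests all pass."""
    ev = parse(line)
    rank = SEVERITIES.index(ev["severity"])  # 0 = emerg ... 7 = debug
    hits = [dest for dest, host_re, facs, floor in RULES
            if ev["facility"] in facs
            and rank <= SEVERITIES.index(floor)
            and re.search(host_re, ev["host"])]
    return hits or ["unclassified.log"]

# Constructed sample lines, not taken from any real system
SAMPLES = [
    "<189>Jun 20 11:27:48 rtr-core1 %LINK-5-CHANGED: Interface Serial0 down",
    "<36>Jun 20 11:28:02 web01 sshd[412]: Failed password for root",
    "<38>Jun 20 11:28:05 web01 sshd[412]: Accepted password for jk",
    "<166>Jun 20 11:29:10 fw-edge drop tcp 192.0.2.7:4411 -> 198.51.100.3:22",
    "line with no syslog header at all",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(route(s), "<-", s)
```

Lines that match no rule, including ones without a parseable header, land in `unclassified.log` rather than being dropped, so a misconfigured sender still leaves a trace.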